User emulation in honeypot systems

Dr. Buttyán Levente
Department of Networked Systems and Services

Unfortunately, cybercrime (i.e. crime committed with the help of computers and the Internet) is becoming more and more prevalent. There are several methods to prevent cybercrime, one of which is the use of systems called honeypots. A honeypot is a virtual environment that appears from the outside to be a real but less protected system and thus attracts external attacks. Even if a honeypot is compromised, it can be restored quickly without major damage, so the attack can be analysed in order to protect the production system from similar threats in the future.

During my work, my task was to design and implement a software package that provides the emulation of users in a simulated environment for a honeypot. Emulation is necessary, since achieving the most realistic implementation is an essential part of a system like that, and the vast majority of the system's traffic comes from different users' actions, such as e-mailing, using the Internet or other programmes.

As this task is very similar to user interface testing, I looked at existing frameworks first to see if I could use one of them for the project. The programme called SikuliX proved to be suitable for developing my own emulation framework in Java, with the help of which arbitrarily complex user processes can be built easily in small basic steps. As an alternative to creating processes manually, I wrote a Python script that records user inputs (mouse actions, keystrokes) and generates a user process that can be integrated into my own emulation framework in a simple way.

Finally, I wrote a main programme that creates the users with the help of the emulation framework and a configuration file describing the users, assigns the processes mentioned above to their roles, and then executes them on the appropriate computers of the honeypot.

During the project, I paid special attention to error-handling, since a number of unexpected events, like pop-ups or even system crashes, may occur during such a series of user actions.

