Fuzzing based honeypot detection

Dr. Holczer Tamás
Department of Networked Systems and Services

The purpose of this thesis is to describe the honeypot systems that are increasingly used in industrial environments. Furthermore, my goal is to present the advantages and disadvantages of the system thoroughly and help fix any potential errors. Nowadays attacks on large industrial and company targets are increasingly frequent. For reasons detailed in the thesis, firewalls, IPS and IDS systems provide less protection than before. Honeypots are used alongside these systems.

In my thesis I try to eliminate, or at least reduce, a great disadvantage of honeypots: the fact that a honeypot can be detected. An easily detectable honeypot does not provide us with enough information to understand an attack or attacker. Therefore it is necessary to reveal and correct the differences between honeypots and the production systems they implement.

I use the capabilities of fuzzer systems to solve this problem. During this semester I design a fuzzer system with the appropriate framework. I test how the honeypot behaves using the large amount of random data generated by the fuzzer system, and then compare this with the corresponding production system.

I would therefore like to test honeypots that are based on various text protocols. The main task is to test the application using the protocol, but in some cases I test the protocol itself as well.

Thus, an important part of the project is to design and implement a fuzzer which generates input for both the honeypot and the real system. The other large part is the comparison function, which looks for differences between the answers given by the two systems but reports only the relevant ones. This way, by the end of the project I will have created a difference-detecting system that has been tested on multiple honeypots.
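The fuzzer and comparison function described above can be sketched as follows; this is an added example, not code from the thesis. The toy protocol, both in-process services, the `t=` timestamp field and the two emulation gaps are assumptions constructed for illustration.

```python
import random
import re

# Constructed stand-ins for a toy line-based protocol (not from the thesis).
def reference_service(line, clock):
    cmd, _, arg = line.strip().partition(" ")
    if cmd.upper() == "HELO":
        return f"250 hello {arg} t={clock}"
    if cmd.upper() == "QUIT":
        return f"221 bye t={clock}"
    return f"500 unknown command t={clock}"

def honeypot_service(line, clock):
    cmd, _, arg = line.strip().partition(" ")
    if cmd == "HELO":                            # gap: case-sensitive matching
        return f"250 hello {arg[:16]} t={clock}"  # gap: argument truncated
    if cmd == "QUIT":
        return f"221 bye t={clock}"
    return f"500 unknown command t={clock}"

SEEDS = ["HELO host", "QUIT", "NOOP"]            # constructed seed inputs

def mutate(rng, seed):
    """Return one random variation of a seed command."""
    kind = rng.randrange(3)
    if kind == 0:
        return seed.swapcase()
    if kind == 1:
        return seed + "A" * rng.randrange(1, 40)
    pos = rng.randrange(len(seed))
    return seed[:pos] + chr(rng.randrange(33, 127)) + seed[pos + 1:]

VOLATILE = re.compile(r"t=\d+")                  # per-response timestamp field

def normalize(response):
    """Mask fields that legitimately differ between any two responses."""
    return VOLATILE.sub("t=<T>", response)

def find_differences(rounds=200, seed=1):
    """Map (reference status, honeypot status) to the first input exposing it."""
    rng = random.Random(seed)
    findings = {}
    for i in range(rounds):
        case = mutate(rng, rng.choice(SEEDS))
        ref = normalize(reference_service(case, clock=1000 + i))
        pot = normalize(honeypot_service(case, clock=5000 + i))
        if ref != pot:
            findings.setdefault((ref.split()[0], pot.split()[0]), case)
    return findings
```

Calling `find_differences()` returns one representative input per class of discrepancy, which is the list a honeypot maintainer would work through to close the emulation gaps.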

