Main Article Content
Malware; Malware Laboratory; Virtual Machine; Honeypot; Honeynet
According to studies conducted by researchers across the globe, in recent years there has been an increase in organization and company attacks. Some attacks have been detected, but others, however, were able to bypass the security mechanisms, taking advantage of an unknown vulnerability in security systems. In this context, Honeypots systems aim to collect information on the intruder’s activities and learn about threats and attackers’ behavior. Honeypots systems are not designed to remedy failures or security errors on the network, but are responsible for providing adequate information on potential attackers before compromising real systems. In this paper, a honeypot system was designed to study the techniques used by attackers. We designed and implemented a malware analysis laboratory based on honeypots technology in a controlled environment to analyze various security incidents. The use of honeypots is based on the idea of simulating applications with vulnerabilities and recording all events produced by attackers, so the network administrator can learn about the different types of attacks to protect organizational systems that are being produced. The results have been very important in terms of the number and types of security incidents recorded by the honeypots. Also, an administration interface for controlling and analyzing the gathered information was designed. This system was not only implemented but also tested for several weeks and data was collected from the attacks was analyzed. This led to some interesting statistics and characteristics about attackers and their goals.