Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

B.Hive: A zero configuration forms honeypot for productive web applications

: Pohl, C.; Zugenmaier, A.; Meier, M.; Hof, H.-J.


Federrath, H. ; International Federation for Information Processing -IFIP-; International Federation for Information Processing -IFIP-, Technical Committee 11, Security and Protection in Information Processing Systems:
ICT Systems Security and Privacy Protection. 30th IFIP TC 11 International Conference, SEC 2015 : Hamburg, Germany, May 26-28, 2015, Proceedings
Cham: Springer International Publishing, 2015 (IFIP International Federation for Information Processing 455)
ISBN: 978-3-319-18466-1 (Print)
ISBN: 978-3-319-18467-8 (Online)
ISBN: 3-319-18466-0
International Conference on ICT Systems Security and Privacy Protection (SEC) <30, 2015, Hamburg>
Fraunhofer FKIE ()

Honeypots are used in IT Security to detect and gather information about ongoing intrusions by presenting an interactive system as attractive target to an attacker. They log all actions of an attacker for further analysis. The longer an attacker interacts with a honeypot, the more valuable information about the attack can be collected. Thus, it should be one of the main goals of a honeypot to stay unnoticed as long as possible. Also, a honeypot should appear to be a valuable target system to motivate attackers to attacks the honeypot. This paper presents a novel honeypot concept (B.Hive) that fulfills both requirements: it protects existing web application in productive use, hence offering an attractive attack target, and it uses a novel technique to conceal the honeypot components such that it is hard to detect the honeypot even by manual inspection. B.Hive does not need configuration or changes of existing web applications, it is web framework agnostic, and it only has a slight impact on the performance of the web application it protects. The evaluation shows that B.Hive can be used to protect the majority of the 10,000 most popular web sites (based on the Alexia Global Top 10,000 list), and that the honeypot cannot be identified by humans.