Success Rates of Honeypots in P2P Botnet Tests

  • Meerah M. Al-Hakbani, Mostafa H. Dahshan

Abstract

Network security is a critically important aspect in our lives and is vital in protecting our environment from attacks. Some security systems use honeypots as a defence method to monitor the behaviour of a botnet by attracting a botmaster to add it in their botnet. Additionally, some mechanisms have been proposed to help the botmaster differentiate between a honeypot and a real device. In this study, we developed a method to help security defenders perform the authentication procedure developed by the botmaster to prevent a honeypot from being a member of their botnet. The presented method uses a fake infection command on the hosts that will be infected during the authentication process. This research involves a simulation to evaluate the performance of the presented method. To increase the credibility of our outcomes, we simulate the ZeroAccess botnet by using the Monte Carlo method. We show that this method offers a better chance for honeypots to bypass the botnet defence.

Published
2020-04-03
Section
Articles