Virtual Honeypots: From Botnet Tracking to Intrusion Detection

Chapter 7. Hybrid Systems

7.1 Collapsar

7.2 Potemkin

7.3 RolePlayer

7.4 Research Summary

7.5 Building Your Own Hybrid Honeypot System

7.6 Summary

When low-interaction systems are not powerful enough and high-interaction systems are too expensive, hybrid solutions offer the benefits of both worlds. Let’s say we want to capture real worms on a class B network under our control. It would be too expensive to set up 65,000 real machines, but by combining principals of low-interaction honeypots with high-interaction honeypots, we can use the low-interaction honeypots as gateways to a few high-interaction machines. The low-interaction honeypots filter out noise and scanning attempts and ensure that only interesting connections are forwarded to a set ...

Get Virtual Honeypots: From Botnet Tracking to Intrusion Detection now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Virtual Honeypots: From Botnet Tracking to Intrusion Detection by

Chapter 7. Hybrid Systems

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly