Shellcode detection in IPv6 networks with HoneydV6

Bibliographic Details
Published in: 2014 11th International Conference on Security and Cryptography (SECRYPT), pp. 1 - 8
Main Authors: Schindler, Sven; Eggert, Oliver; Schnor, Bettina; Scheffler, Thomas
Format: Conference Proceeding
Language: English
Published: SCITEPRESS, 01.08.2014
Summary: More and more networks and services are reachable via IPv6, and interest in security monitoring of these IPv6 networks is increasing. Honeypots are valuable tools to monitor and analyse network attacks. HoneydV6 is a low-interaction honeypot which is well suited to deal with the large IPv6 address space, since it is capable of simulating a large number of virtual hosts on a single machine. This paper presents an extension for HoneydV6 which allows the detection, extraction and analysis of shellcode contained in IPv6 network attacks. The shellcode detection is based on the open source library libemu and combined with the online malware analysis tool Anubis. We compared the shellcode detection rate of HoneydV6 and Dionaea. While HoneydV6 is able to detect about 25 % of the malicious samples, the Dionaea honeypot detects only about 6 %.