CISUC

Neofelis, High-Interaction Honeypot Framework for Mac OS X

Authors

Abstract

A honeypot is a set of computational resources, designed to be swept, attacked and compromised. With a constant monitoring, detailedly record the attacker activities creating means to further understanding of the used approaches and tools. The value obtained from this computational resource is a measure calculated between the captured information and the future use of this data. Neofelis is a framework for high-interaction honeypots on Mac OS X operating system, that allows the system administrator to create a high-interaction honeypot feasible to several different scenarios.
This paper discusses Neofelis design, implementation and pointing out how the framework helps in different areas of the information security, e.g. detecting zero-day exploits and capturing informations about the attacks

Keywords

High-Interaction Honeypot, Framework, Syscall Hooking, Mac OS X, Information Security

Subject

Information Security

Conference

IBWAS'10, December 2010


Cited by

No citations found