Title: Deception in Web Application Honeypots: Case of Glastopf

Issue Number: Vol. 6, No. 4
Year of Publication: Oct - 2017
Page Numbers: 179-185
Authors: Banyatsang Mphago, Dimane Mpoeleng, Shedden Masupe
Journal Name: International Journal of Cyber-Security and Digital Forensics (IJCSDF)
- Hong Kong
DOI:  http://dx.doi.org/10.17781/P002304

Abstract:


Honeypots are special tools designed to help track and understand attacker?s motives and their attack methods. In web applications, several honeypots have been developed and some have since been abandoned by their developers. But as honeypots are deployed more and more within computer networks, malicious attackers also devise techniques to detect and circumvent these security tools and thereby exposing limitations in most web application honeypots. Dynamic honeypots however, are believed to be the future of honeypots due to their abilities to adjust to the changing environments. Glastpof is one of the more popular if not the most, dynamic web application honeypot currently released to the public. But Glastopf has its limitations too. Once deployed, Glastopf can be easily identified by the attackers due to its performance and appearance, and as such become less useful to the security community. This research describes some of the limitations inherent in Glastopf, and then proposes possible ways to make it more deceptive and more attractive to attackers.