Journal articles

Set-up and deployment of a high-interaction honeypot: experiment and lessons learned

Abstract: This paper presents the lessons learned from an empirical analysis of attackers' behaviours based on the deployment on the Internet of a high-interaction honeypot for more than one year. We focus in particular on the attacks performed via the SSH service and the activities performed by the attackers once they gain access to the system and try to progress in their intrusion. The first part of the paper describes: i) the global architecture of the honeypot and the mechanisms used to capture the implementation details so that we can observe attackers' behaviours and ii) the details of the experiment itself (duration, data captured, overview of the attackers' activity). The second part presents the results of the observation of the attackers. It includes: i) the description of the global attack process, constituted of two main steps, dictionary attacks and intrusions and ii) the detailed analysis of these two main steps.
Document type: Journal articles

Cited literature: 13 references
Contributor: Mohamed Kaaniche
Submitted on: Friday, December 7, 2012 - 2:21:56 PM
Last modification on: Monday, July 6, 2020 - 10:48:18 AM
Long-term archiving on: Friday, March 8, 2013 - 6:30:10 AM


Files produced by the author(s)



Vincent Nicomette, Mohamed Kaâniche, Eric Alata, Matthieu Herrb. Set-up and deployment of a high-interaction honeypot: experiment and lessons learned. Journal in Computer Virology, Springer Verlag, 2011, 7 (2), pp.143-157. ⟨10.1007/s11416-010-0144-2⟩. ⟨hal-00762596⟩


