The paper “Apate – A Linux Kernel Module for High Interaction Honeypots” by MuSe authors Christoph Pohl and Hans-Joachim Hof has been accepted for “The Ninth International Conference on Emerging Security Information, Systems and Technologies – SECURWARE 2015” in Venice, Italy.
Abstract of the paper:
Honeypots are used in IT Security to detect and gather information about ongoing intrusions, e.g. by documenting the approach of an attacker. Honeypots do so by presenting an interactive system that seems just like a valid application to an attacker. This paper presents APATE, a Linux Kernel Module (LKM) that is able to log, block and manipulate system calls based on preconfigurable conditions like Process ID (PID), User Id (UID), and many more. APATE can be used to build and harden High Interaction Honeypots. APATE can be configured using an integrated high level language. Thus, APATE is an important building block for upcoming High Interaction Honeypots.