Visible to the public Micro-Honeypot: Using Browser Fingerprinting to Track Attackers

TitleMicro-Honeypot: Using Browser Fingerprinting to Track Attackers
Publication TypeConference Paper
Year of Publication2018
AuthorsJia, Z., Cui, X., Liu, Q., Wang, X., Liu, C.
Conference Name2018 IEEE Third International Conference on Data Science in Cyberspace (DSC)
Keywordsanonymous networks, attack information, Browser Fingerprinting, browser fingerprinting technique, Browsers, compositionality, Computer crime, computer network security, conventional web honeypots, cryptography, cybercrime traceability, data privacy, fingerprint, Fingerprint recognition, Forensics, Hardware, honeypot, Human Behavior, Internet, invasive software, IP networks, Metrics, Micro-Honeypot, pubcrawl, Resiliency, security, Servers, stepping stones, track attackers, Tracking, web attacker, Web attacks, Web Browser Security, Web sites
AbstractWeb attacks have proliferated across the whole Internet in recent years. To protect websites, security vendors and researchers collect attack information using web honeypots. However, web attackers can hide themselves by using stepping stones (e.g., VPN, encrypted proxy) or anonymous networks (e.g., Tor network). Conventional web honeypots lack an effective way to gather information about an attacker's identity, which raises a big obstacle for cybercrime traceability and forensics. Traditional forensics methods are based on traffic analysis; it requires that defenders gain access to the entire network. It is not suitable for honeypots. In this paper, we present the design, implementation, and deployment of the Micro-Honeypot, which aims to use the browser fingerprinting technique to track a web attacker. Traditional honeypot lure attackers and records attacker's activity. Micro-Honeypot is deployed in a honeypot. It will run and gather identity information when an attacker visits the honeypot. Our preliminary results show that Micro-Honeypot could collect more information and track attackers although they might have used proxies or anonymous networks to hide themselves.
Citation Keyjia_micro-honeypot:_2018