Web-based Honeypot Decoys

Honeypots are a well known technique in order to gain more information about the proceeding of attackers in communication networks. With the constant growth of the Internet web applications have become more and more attractive and worthwhile targets for attackers. The web-based honeypots that exist so far exclusively focus on a low-interaction approach which only allows to monitor and observe a very limited amount of information about an attack.
In this work we extend the concept of honeypots and develop a generic high-interaction web-based honeypot toolkit.

The toolkit allows to transform an arbitrary web application into a high-interaction web-based honeypot, which can capture and record every single step an attacker performs at a system. In order to monitor and analyse the large amounts of data a high-interaction system accumulates, we furthermore develop a tool which supports the process of gaining the important information out of the collected data. We demonstrate the success of our approach by presenting different results and examples we obtained with our implementation during the last months.