Honeypot-powered Malware Reverse Engineering
This work addresses the need for better malware analysis tools in cybersecurity, though it appears incremental as it builds on existing honeypot technology.
The paper tackles the problem of analyzing malware behaviors using honeypots by enhancing high-interaction honeypots with specific features to improve reverse engineering, resulting in more effective analysis of captured malicious entities.
Honeypots, i.e. networked computer systems specially designed and crafted to mimic the normal operations of other systems while capturing and storing information about the interactions with the world outside, are a crucial technology into the study of cyber threats and attacks that propagate and occur through networks. Among them, high interaction honeypots are considered the most efficient because the attacker (whether automated or not) perceives realistic interactions with the target machine. In the case of automated attacks, propagated by malwares, currently available honeypots alone are not specialized enough to allow the analysis of their behaviors and effects on the target system. The research presented in this paper shows how high interaction honeypots can be enhanced by powering them with specific features that improve the reverse engineering activities needed to effectively analyze captured malicious entities.