Shellcode Detection in IPv6 Networks with HoneydV6 | Zendy

Sven Schindler | Zendy; Oliver Eggert | Zendy; Bettina Schnor | Zendy; Thomas Scheffler | Zendy

AI Assistant Blog Pricing

Home ZAIA Blog

Open Access

Shellcode Detection in IPv6 Networks with HoneydV6

Author(s) -

Sven Schindler,

Oliver Eggert,

Bettina Schnor,

Thomas Scheffler

Publication year - 2014

Publication title -

2014 11th international conference on security and cryptography (secrypt)

Language(s) - English

Resource type - Conference proceedings

DOI - 10.5220/0005016801980205

Subject(s) - computer science , ipv6 , computer network , operating system , the internet

More and more networks and services are reachable via IPv6 and the interest for security monitoring of these IPv6 networks is increasing. Honeypots are valuable tools to monitor and analyse network attacks. HoneydV6 is a low-interaction honeypot which is well suited to deal with the large IPv6 address space, since it is capable of simulating a large number of virtual hosts on a single machine. This paper presents an extension for HoneydV6 which allows the detection, extraction and analyses of shellcode contained in IPv6 network attacks. The shellcode detection is based on the open source library libemu and combined with the online malware analysis tool Anubis. We compared the shellcode detection rate of HoneydV6 and Dionaea. While HoneydV6 is able to detect about 25 % of the malicious samples, the Dionaea honeypot detects only about 6 %.

The content you want is available to Zendy users.

Already have an account? Click here to sign in.

Having issues? You can contact us here

Accelerating Research