Honeypot-powered Malware Reverse Engineering

TL;DR

This paper presents enhancements to high interaction honeypots that enable more effective reverse engineering of malware, improving analysis of malicious behaviors captured during cyber attacks.

Contribution

It introduces specific features to high interaction honeypots that facilitate malware reverse engineering, addressing limitations of existing honeypots in analyzing automated attacks.

Findings

Enhanced honeypots improve malware behavior analysis

Better detection of attack techniques and payloads

Increased accuracy in reverse engineering malicious code

Abstract

Honeypots, i.e. networked computer systems specially designed and crafted to mimic the normal operations of other systems while capturing and storing information about the interactions with the world outside, are a crucial technology into the study of cyber threats and attacks that propagate and occur through networks. Among them, high interaction honeypots are considered the most efficient because the attacker (whether automated or not) perceives realistic interactions with the target machine. In the case of automated attacks, propagated by malwares, currently available honeypots alone are not specialized enough to allow the analysis of their behaviors and effects on the target system. The research presented in this paper shows how high interaction honeypots can be enhanced by powering them with specific features that improve the reverse engineering activities needed to effectively analyze captured malicious entities.