Exploring the fingerprintability of honeypot systems, based on observed discrepancies, and designing and proposing techniques for preventing detection
Date Issued
May 2025
Author(s)
Advisor
Abstract
Cybersecurity is a crucial aspect of today's highly interconnected world. Nowadays,
everything is connected to the internet, exposing a potentially broad surface to attacks,
since everything is susceptible. From personal computers, to servers, cloud
infrastructure, mobile devices, sensors, and even electrical appliances - almost every
device we use in our daily life - is potentially vulnerable and susceptible to attacks, and
is being attacked daily. One technology that has been designed and deployed to help us
better understand how attackers and malicious actors act, is honeypots. Honeypots are
decoy systems that aim to entrap attackers into thinking that they managed to gain
access to a system but in reality, they are in a separate environment aimed at monitoring
their behavior and letting the administrators know how an attacker is carrying out their
attack, what vulnerabilities they might go after, and what tools or techniques they are
using. This in the end can help the developers improve their system’s security. The
problem arises when an attacker figures out that they are interacting with a honeypot - a
process known as fingerprinting - and, as a result, they either avoid carrying out their
attack or, in some cases, even turn the honeypot against its owner. This thesis aims to
help make honeypots undetectable so they can spy on the attackers and let the
developers know their system’s weakest links. By analyzing headers, banners, and
service behaviors, and comparing them to those of real-world machines, I aim to
suggest practical techniques that enhance the stealth and effectiveness of honeypots.
everything is connected to the internet, exposing a potentially broad surface to attacks,
since everything is susceptible. From personal computers, to servers, cloud
infrastructure, mobile devices, sensors, and even electrical appliances - almost every
device we use in our daily life - is potentially vulnerable and susceptible to attacks, and
is being attacked daily. One technology that has been designed and deployed to help us
better understand how attackers and malicious actors act, is honeypots. Honeypots are
decoy systems that aim to entrap attackers into thinking that they managed to gain
access to a system but in reality, they are in a separate environment aimed at monitoring
their behavior and letting the administrators know how an attacker is carrying out their
attack, what vulnerabilities they might go after, and what tools or techniques they are
using. This in the end can help the developers improve their system’s security. The
problem arises when an attacker figures out that they are interacting with a honeypot - a
process known as fingerprinting - and, as a result, they either avoid carrying out their
attack or, in some cases, even turn the honeypot against its owner. This thesis aims to
help make honeypots undetectable so they can spy on the attackers and let the
developers know their system’s weakest links. By analyzing headers, banners, and
service behaviors, and comparing them to those of real-world machines, I aim to
suggest practical techniques that enhance the stealth and effectiveness of honeypots.
Subjects
File(s)![Thumbnail Image]()
![Thumbnail Image]()
Name
Stylianos Kyriakou-BSC-2025-abstract.pdf
Size
219.55 KB
Format
Adobe PDF
Checksum (MD5)
98f59efca14ca8ce3e0e1424fabd97fc
Name
Stylianos Kyriakou-BSC-2025.pdf
Size
1.55 MB
Format
Adobe PDF
Checksum (MD5)
fb683efb35622c8a7589f8649c12b3b4