Honeypot-powered Malware Reverse Engineering

Honeypots, i.e. networked computer systems specially designed and crafted to mimic the normal operations of other systems while capturing and storing information about the interactions with the world outside, are a crucial technology into the study of cyber threats and attacks that propagate and occur through networks. Among them, high interaction honeypots are considered the most efficient because the attacker (whether automated or not) perceives realistic interactions with the target machine. In the case of automated attacks, propagated by malware, currently available honeypots alone are not specialized enough to allow the analysis of their behaviors and effects on the target system. The research presented in this paper shows how high interaction honeypots can be enhanced by powering them with specific features that improve the reverse engineering activities needed to effectively analyze captured malicious entities.