Towards automatic learning of valid services for honeypots

Honeypots have emerged as an important tool in the field of Intrusion Detection Systems. Honeypots are decoy machines whose sole purpose is to be compromised by network attackers, in order to gain information about the attack techniques. The biggest challenge in deploying honeypots is their configuration and maintenance compounded with the fact that they either emulate a few services or provide the real services. The emulated services, which are usually implemented using scripts, are restricted by the responses given to the attacker. This limits the amount of information that can be gathered. The scripts are also much easier to be detected by the attacker. On the other hand, the drawback of providing real services is the greater risk associated with their use.