INTERCEPT: high-interaction server-type honeypot based on live migration

This paper aims at developing a honeypot system for web applications. The key idea is employing migration techniques to create a virtual machine as a honey web server, and making the honeypot to equip the same memory and block content of the real systems. Recently, web applications have been the target of numerous cyber attacks. In order to catch up new vulnerabilities in the applications, using a honeypot system is a feasible solution. However, it might be difficult to develop the lure-able, protect-able, and deception-able honeypot for web applications. This paper analyzes the background issues of the problem and finds the missing piece toward the suitable honeypot. It also designs and implements INTERCEPT, the core component of the honeypot system for web applications, which can avoid the data corruption as well as finishing the migration in short time period. Finally, we discuss how to complete the missing piece.