MVH

#Multi Variant Honeypot

MVH stands for Multi Variant Honeypot. This is my MSc final project. MVH is a multi variant honeypot system which uses a interposition delegating architecture to execute untrusted code built with Seccomp-BPF. MVH has two variants, one private and one public running in parallel and it is able to detect, prevent and record malicious behaviour of the public variant (e.g. public web server) by analysing and comparing the system calls made by each variant. The MVH effectiveness has been proved by attacking a LightHTTP server affected by a buffer overflow bug. MVH was able to prevent and record any malicious action performed by the attacked.

#Interested?

Name		Name	Last commit message	Last commit date
Latest commit History 11 Commits
abstract_data		abstract_data
test		test
toys		toys
trusted_process		trusted_process
.gitignore		.gitignore
Makefile		Makefile
README.md		README.md
bpf-filter.c		bpf-filter.c
bpf-filter.h		bpf-filter.h
color.h		color.h
common.h		common.h
conf.h		conf.h
debug.h		debug.h
error.c		error.c
error.h		error.h
fault.S		fault.S
library.c		library.c
library.h		library.h
linux_syscall_support.h		linux_syscall_support.h
main.c		main.c
main_mvh_server.c		main_mvh_server.c
maps.c		maps.c
maps.h		maps.h
mmalloc.c		mmalloc.c
mmalloc.h		mmalloc.h
mvh.c		mvh.c
mvh.h		mvh.h
mvh_server.c		mvh_server.c
mvh_server.h		mvh_server.h
preload.c		preload.c
sandbox.c		sandbox.c
sandbox.h		sandbox.h
syscall_entrypoint.c		syscall_entrypoint.c
syscall_entrypoint.h		syscall_entrypoint.h
syscall_table.c		syscall_table.c
syscall_table.h		syscall_table.h
syscall_x64.h		syscall_x64.h
tls.c		tls.c
tls.h		tls.h
trusted_thread.c		trusted_thread.c
trusted_thread.h		trusted_thread.h
x86_decoder.c		x86_decoder.c
x86_decoder.h		x86_decoder.h

giuse88/mvh

Folders and files

Latest commit

History

Repository files navigation

MVH

About

Resources

Stars

Watchers

Forks

Languages