Leurre.com: on the advantages of deploying a large scale distributed honeypot platform

Pouget, Fabien; Dacier, Marc; Pham, Van Hau
ECCE 2005, E-Crime and Computer Conference, 29-30th March 2005, Monaco

There are several well-known techniques for observing criminal activities on the Internet by monitoring its traffic. One option is to use global telescopes or dark nets, which offer interesting views of global trends. Another is to centralize firewall logs and intrusion detection system alerts and extract information from them. In this paper, we advocate the usefulness of a third approach that focuses on the need for local views to get more precise information on some attacks. With this idea in mind, over the last six months we have developed and deployed a distributed honeypot environment in several distinct countries. We show in this paper that 1) local sensors present strong similarities to a certain degree, and 2) they also highlight very clear local patterns. In conclusion, we demonstrate the usefulness of distributed honeypots, and we hope to encourage more partners from all over the world to join our honeypot, named the Leurre.com


Type: Conference
Date: 2005-03-29
Department: Digital Security
Eurecom Ref: 1558

PERMALINK : https://www.eurecom.fr/publication/1558