SGNET: a distributed infrastructure to handle zero-day exploits

Leita, Corrado; Dacier, Marc; Wicherski, Georg
Research report RR-07-187 - Extended version of this paper at EDCC 2008

This work builds upon the Leurré.com infrastructure and the Scriptgen technology. Leurré.com is a worldwide distributed setup of low-interaction honeypots, whereas Scriptgen is a new class of honeypot: a medium-interaction one. In this paper, we show how Scriptgen can be enriched with the Argos and Nepenthes open-source software in order to build a distributed system able to collect rich information about ongoing attacks and to collect malware, even for zero-day attacks, without facing the same liability and complexity issues encountered by classical high-interaction honeypots. The design and its implementation are described in detail. Experimental results are offered that highlight the validity of the proposed solution.


Type:
Report
Date:
2007-02-01
Department:
Sécurité numérique
Eurecom Ref:
2164
Copyright:
© EURECOM. Personal use of this material is permitted. The definitive version of this paper was published in Research report RR-07-187 - Extended version of this paper at EDCC 2008 and is available at:
PERMALINK: https://www.eurecom.fr/publication/2164