When a client connects to a honeypot server, the traffic is usually not legitimate. However, because malware always tries to be stealthy, the honeypot should make few assumptions about who it is talking to and how it should respond in order to keep the conversation going. This project would aim to create a library that instructs a honeypot on how to proceed in such a situation by analyzing the traffic in different ways and determining the most likely protocol in use. This should help the honeypot gain deeper insight into the current landscape of malware on the internet.



Nikolaos Filippakis


  • Lukas Rist
  • Hugo Gascon