Virtual honeypots have many advantages over physical
honeypots with regards to data collection capabilities, deployment costs and
portability. They do have, however, the disadvantage that they can
be easily discovered if an intruder finds out that the compromised
system is a virtual machine, since these are still not very popular
as production servers. This paper proposes a series of
implementation and configuration counter-measures for the User-Mode
Linux VM manager, so that UML virtual honeypots appear to be
authentic Linux systems running on physical computers, making the
intruders believe that they have compromised authentic production
machines.