ABSTRACT
Honeypots and honeynets play an important role in network security. In this paper, we evaluate the design of a distributed virtual honeynet that consists of honeynets based on operating-system-level virtualization. Using the advantages of this type of virtualization, we design and implement secure data capture engines: hardware and software sensors and one-way secure data collection. The implementation integrates several sensors (including memory, data storage, network traffic, user activity, temperature, current consumption, and others) and develops a secure distributed system. Since in this type of virtualization all honeypots share one operating system kernel, it is sufficient to implement the sensors in one place: on the host system. We also design and implement a central control unit that manages all the virtual honeynets. Finally, we describe the implementation of the proposed distributed virtual honeynet in a campus network.
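The host-side sensor and one-way secure collection described above, sketched as an added Python example that is not code from the paper: one sensor process on the host stamps, sequences and MACs readings for every honeypot sharing its kernel, and the central control unit verifies and de-duplicates them. The node ids, the sample readings and the HMAC-over-JSON framing are assumptions made for the example.

```python
import hmac
import hashlib
import json

# Constructed sample: readings for two honeypots gathered once on the host,
# since with OS-level virtualization all honeypots share the host kernel.
SAMPLE_READINGS = [
    {"honeypot": "hp-web-01", "mem_kb": 183296, "conns": 12},
    {"honeypot": "hp-ssh-02", "mem_kb": 40960, "conns": 3},
]


class HostSensor:
    """Host-side sensor: adds node id, sequence number and timestamp to each
    reading and MACs it. It only produces frames; there is no receive path,
    which is what makes the collection channel one-way."""

    def __init__(self, node_id, key):
        self.node_id, self.key, self.seq = node_id, key, 0

    def emit(self, reading, ts):
        self.seq += 1
        body = {"node": self.node_id, "seq": self.seq, "ts": ts, **reading}
        payload = json.dumps(body, sort_keys=True).encode()
        tag = hmac.new(self.key, payload, hashlib.sha256).hexdigest()
        return payload + b"|" + tag.encode()


class Collector:
    """Central control unit side: checks the MAC with the per-node key,
    rejects replayed or out-of-order frames, then stores the reading."""

    def __init__(self, keys):
        self.keys, self.last_seq, self.store = keys, {}, []

    def ingest(self, frame):
        payload, _, tag = frame.rpartition(b"|")
        rec = json.loads(payload)
        key = self.keys.get(rec.get("node"))
        if key is None:
            return "unknown node"
        expected = hmac.new(key, payload, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(expected, tag):
            return "bad mac"
        if rec["seq"] <= self.last_seq.get(rec["node"], 0):
            return "replay"
        self.last_seq[rec["node"]] = rec["seq"]
        self.store.append(rec)
        return "ok"
```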