Title :
Knowledge sharing honeynets
Author :
Sudaharan, Sushan ; Dhammalapathi, Srikrishna ; Rai, Sijan ; Wijesekera, Duminda
Author_Institution :
Inf. & Software Eng., George Mason Univ., Fairfax, VA, USA
Abstract :
Due to the prevalence of distributed and coordinated Internet attacks, many researchers and network administrators study the nature and strategies of attackers. To analyze event logs, using intrusion detection systems and active network monitoring, honeynets are being deployed to attract potential attackers in order to investigate their modus operandi. The goal is to use honeynet clusters as real-time warning systems in production networks. Towards satisfying this objective, we have built a honeynet cluster and have run experiments to determine its effectiveness. Majority of the honeynets function in isolation, not sharing information in real time. In order to rectify this deficiency, the authors built a federation of cooperating honeynets (referred to as knowledge sharing honeynets) that shares knowledge of malicious traffic. This paper describes the methods in building a hardware assisted honeynet cluster and testing its effectiveness.
Keywords :
computer networks; real-time systems; security of data; active network monitoring; attack strategy; cooperating honeynets; coordinated Internet attacks; distributed Internet attacks; event log analysis; honeynet clusters; intrusion detection systems; knowledge sharing honeynets; malicious traffic; network administration; production networks; real-time warning systems; Hardware; Intrusion detection; Military computing; Monitoring; Network servers; Production systems; Real time systems; Switches; Telecommunication traffic; Web server;
Conference_Titel :
Information Assurance Workshop, 2005. IAW '05. Proceedings from the Sixth Annual IEEE SMC
Print_ISBN :
0-7803-9290-6
DOI :
10.1109/IAW.2005.1495958
