DocumentCode
1707168
Title
Knowledge sharing honeynets
Author
Sudaharan, Sushan ; Dhammalapathi, Srikrishna ; Rai, Sijan ; Wijesekera, Duminda
Author_Institution
Inf. & Software Eng., George Mason Univ., Fairfax, VA, USA
fYear
2005
Firstpage
240
Lastpage
243
Abstract
Due to the prevalence of distributed and coordinated Internet attacks, many researchers and network administrators study the nature and strategies of attackers. To analyze event logs, using intrusion detection systems and active network monitoring, honeynets are being deployed to attract potential attackers in order to investigate their modus operandi. The goal is to use honeynet clusters as real-time warning systems in production networks. Towards satisfying this objective, we have built a honeynet cluster and have run experiments to determine its effectiveness. The majority of honeynets function in isolation, not sharing information in real time. In order to rectify this deficiency, the authors built a federation of cooperating honeynets (referred to as knowledge sharing honeynets) that shares knowledge of malicious traffic. This paper describes the methods for building a hardware-assisted honeynet cluster and testing its effectiveness.
Keywords
computer networks; real-time systems; security of data; active network monitoring; attack strategy; cooperating honeynets; coordinated Internet attacks; distributed Internet attacks; event log analysis; honeynet clusters; intrusion detection systems; knowledge sharing honeynets; malicious traffic; network administration; production networks; real-time warning systems; Hardware; Intrusion detection; Military computing; Monitoring; Network servers; Production systems; Real time systems; Switches; Telecommunication traffic; Web server;
fLanguage
English
Publisher
ieee
Conference_Titel
Information Assurance Workshop, 2005. IAW '05. Proceedings from the Sixth Annual IEEE SMC
Print_ISBN
0-7803-9290-6
Type
conf
DOI
10.1109/IAW.2005.1495958
Filename
1495958