DocumentCode
1904789
Title
Distributed Honeypot log management and visualization of attacker geographical distribution
Author
Visoottiviseth, Vasaka ; Jaralrungroj, Uttapol ; Phoomrungraungsuk, Ekkachai ; Kultanon, Pongpak
Author_Institution
Fac. of Inf. & Commun. Technol., Mahidol Univ., Nakhon Pathom, Thailand
fYear
2011
fDate
11-13 May 2011
Firstpage
23
Lastpage
28
Abstract
Honeypot is a prominent technology that helps us learn new hacking techniques from attackers and intruders. The more information from multiple Honeypot servers, the more appropriate signatures we can generate. To make it easier for the administrator to manage and monitor trace files from multiple Honeypot servers that are distributed in various locations at the same time, in this paper we design and implement a prototype of a log management server that automatically and periodically collects log files from them. Information reported by each Honeypot server is sent in a secure manner to the log management server. The log management server then parses the information into the database server, where users can search for specific information through the web interface, such as searching based on one or two Honeypot servers. Moreover, the geographical distribution of attackers is visualized on a world map by utilizing the WHOIS database and GeoPlot software.
Keywords
Internet; database management systems; file servers; security of data; GeoPlot software; WHOIS database; Web interface; database server; distributed Honeypot Log management; geographical distribution attacker; log management server; Distributed Server; Honeyd; Honeynet; Honeypot; Management Server; Network Security;
fLanguage
English
Publisher
ieee
Conference_Titel
Computer Science and Software Engineering (JCSSE), 2011 Eighth International Joint Conference on
Conference_Location
Nakhon Pathom
Print_ISBN
978-1-4577-0686-8
Type
conf
DOI
10.1109/JCSSE.2011.5930083
Filename
5930083