Title :
Honey@home: A New Approach to Large-Scale Threat Monitoring
Author :
Antonatos, S. ; Athanatos, M. ; Kondaxis, G. ; Velegrakis, J. ; Hatzibodozis, N. ; Ioannidis, S. ; Markatos, E.P.
Author_Institution :
Found. for Res. & Technol. - Hellas, Inst. of Comput. Sci., Heraklio
Abstract :
Honeypots have been proven to be very useful for accurately detecting attacks, including zero-day threats, at a reasonable cost and with zero false positives. However, there are two pressing problems with existing approaches. The first problem is that timely detection requires deployment of honeypots in a large fraction of the network address space, which many organizations or ISPs cannot afford. The second problem is that attackers are evolving, and it has been shown that it is not difficult for them to identify honeypots and develop blacklists to avoid them when launching a new attack. In response to these problems, we propose a new architecture that enables large-scale deployment at low cost, while making it harder for attackers to maintain accurate blacklists. The Honey@home architecture relies on communities of regular users installing a lightweight honeypot that monitors unused IP addresses and ports. Since it does not require the static allocation of valuable chunks of network address space, and considering the success of other community-based approaches such as SETI@home and Folding@home, our approach is well-suited for creating a large-scale honeypot infrastructure at low cost. Since participation in the system is dynamic as users come and go, it becomes harder for attackers to maintain accurate blacklists. In this paper we discuss the current design of the Honey@home architecture and a preliminary implementation, and describe the design issues that we faced, especially with respect to infrastructure robustness, the challenges we have to deal with, and the effectiveness of our approach.
Keywords :
IP networks; Internet; security of data; Honey@home architecture; IP addresses; IP ports; ISP; honeypot infrastructure; honeypots; network address space; static allocation; threat monitoring; zero-day threats; Computer science; Computerized monitoring; Costs; Face detection; Information security; Internet; Intrusion detection; Large-scale systems; Pressing; Robustness; honey@home; honeypots; internet attacks; unused address space monitoring;
Conference_Title :
Information Security Threats Data Collection and Sharing, 2008. WISTDCS '08. WOMBAT Workshop on
Conference_Location :
Amsterdam
Print_ISBN :
978-0-7695-3347-6
DOI :
10.1109/WISTDCS.2008.15