DocumentCode :
2982065
Title :
Collecting malware from distributed honeypots — Honeypharm
Author :
Hassan, Ahmad ; Ali, Majid Al
fYear :
2011
fDate :
19-22 Feb. 2011
Firstpage :
351
Lastpage :
352
Abstract :
The purpose of having a honeypot, such as Nepenthes, that collects malicious software (malware), is to build the capability of capturing malware propagating in a certain infrastructure, or intentionally targeting that infrastructure. When multiple honeypots of this type are deployed, they require a mechanism by which the malware and other related intelligence are reported to a centralized repository to analyze collected malware and study both overall and infrastructure-specific trends. Such a setup also caters for identifying new malware, i.e., malware that is not known to any antivirus provider. This provides a mechanism of malware detection and analysis at the early stages, which allows it to be dealt with before it spreads massively and causes severe damage.
Keywords :
client-server systems; computer viruses; HoneyPHARM; antivirus provider; centralized repository; distributed Honeypots; malicious software; malware detection; Databases; IP networks; Malware; Monitoring; Sensors; Web server; Honeypot; antivirus; malware; malware analysis; virus;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
GCC Conference and Exhibition (GCC), 2011 IEEE
Conference_Location :
Dubai
Print_ISBN :
978-1-61284-118-2
Type :
conf
DOI :
10.1109/IEEEGCC.2011.5752555
Filename :
5752555