• DocumentCode
    3003030
  • Title

    Improving Honeynet Data Analysis

  • Author

    Viecco, Camilo

  • Author_Institution
    Indiana Univ, Indianapolis
  • fYear
    2007
  • fDate
    20-22 June 2007
  • Firstpage
    99
  • Lastpage
    106
  • Abstract
    The honeywall's hflow and walleye interface, first introduced in [1], vastly improved honeynet data analysis by integrating different data sources and thus reducing the time required for analyzing honeynet data. However, there are some open architectural questions. This paper answers some of these questions by introducing a packet processing language that allows a modular architecture. This architecture not only solves the immediate problems but is also applicable to a wide range of problems. We present data regarding the problems of the old architecture and present our solution. We also present some of the performance envelopes of both architectures.
  • Keywords
    data analysis; security of data; user interfaces; hflow; honey net data analysis; modular architecture; open architectural questions; packet processing language; performance envelopes; walleye interface; Collaborative work; Conferences; Data analysis; Delay effects; Independent component analysis; Information analysis; Performance analysis; Production; Usability;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Information Assurance and Security Workshop, 2007. IAW '07. IEEE SMC
  • Conference_Location
    West Point, NY
  • Print_ISBN
    1-4244-1304-4
  • Electronic_ISBN
    1-4244-1304-4
  • Type

    conf

  • DOI
    10.1109/IAW.2007.381920
  • Filename
    4267548