Title :
Centralized surveillance of unused address space by using virtual networks
Author :
Minohara, Takashi ; Ishikawa, Satoshi ; Amano, Masahiro
Author_Institution :
Dept. of Comput. Sci., Takushoku Univ., Tokyo, Japan
Abstract :
Considerable attention has been paid to Internet security. A honeypot is one of the effective mechanisms for detecting and analyzing intruders' activities. Since packets sent to honeypots are almost always malicious, false alerts, which are a serious problem in normal intrusion detection systems, are minimized. However, honeypots have two important disadvantages. First, the scope of a honeypot is limited to the address it is attached to. Second, there is a potential risk that a honeypot is compromised by a smart intruder. In this paper, we propose centralized surveillance of unused address space. All unused addresses in the organization are virtually watched by a small number of honeypots installed in a special network under control. By aggregating the honeypots, they may be supervised well, and the risk of compromise may be reduced. The surveillance system can be established without making alterations to existing network equipment. It selects the addresses under surveillance autonomously. It is able to adapt to the addition and deletion of networks and hosts without any administration.
Keywords :
Internet; surveillance; telecommunication security; Internet security; centralized surveillance; honeypot; unused address space surveillance; virtual networks; Computer science; Computer security; Computer worms; Electronic mail; IP networks; Intrusion detection; Network topology; Surveillance; Switches
Conference_Title :
Dependable Computing, 2005. Proceedings. 11th Pacific Rim International Symposium on
Print_ISBN :
0-7695-2492-3
DOI :
10.1109/PRDC.2005.23