A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL.
The file type is application/pdf
.
Filters
Scalability, fidelity, and containment in the potemkin virtual honeyfarm
2005
Proceedings of the twentieth ACM symposium on Operating systems principles - SOSP '05
We have built a prototype honeyfarm system, called Potemkin, that exploits virtual machines, aggressive memory sharing, and late binding of resources to achieve this goal. ...
In this paper, we describe an approach to minimize this tension and improve honeypot scalability by up to six orders of magnitude while still closely emulating the execution behavior of individual Internet ...
Back at UCSD Marvin McNett kept the honeyfarm running in spite of our move across campus, and Colleen Shannon kept the packets flowing. Michelle Panik kept us organized and grammatical. ...
doi:10.1145/1095810.1095825
dblp:conf/sosp/VrableMCMVSVS05
fatcat:pshvbbhk3bayleqpmzzpom5r2e
Scalability, fidelity, and containment in the potemkin virtual honeyfarm
2005
ACM SIGOPS Operating Systems Review
We have built a prototype honeyfarm system, called Potemkin, that exploits virtual machines, aggressive memory sharing, and late binding of resources to achieve this goal. ...
In this paper, we describe an approach to minimize this tension and improve honeypot scalability by up to six orders of magnitude while still closely emulating the execution behavior of individual Internet ...
Back at UCSD Marvin McNett kept the honeyfarm running in spite of our move across campus, and Colleen Shannon kept the packets flowing. Michelle Panik kept us organized and grammatical. ...
doi:10.1145/1095809.1095825
fatcat:dmcj3n366zhqfeviqp2usry2vi
Taxonomy of honeynet solutions
2015
2015 SAI Intelligent Systems Conference (IntelliSys)
In this paper, we propose such taxonomy, identifying the main criteria used for its classification and applying the classification scheme to some of the existing honeynet solutions, in order to quickly ...
get a clear outline of the honeynet architecture and gain insight of the honeynet technology. ...
fidelity and containment. ...
doi:10.1109/intellisys.2015.7361266
fatcat:d3gsa3kfarg6nglxtennnuk5te
Collapsar: A VM-based honeyfarm and reverse honeyfarm architecture for network attack capture and detention
2006
Journal of Parallel and Distributed Computing
A Collapsar center hosts and manages a large number of high-interaction virtual honeypots in a local dedicated network. ...
The conflict between distributed presence and uniform management poses a major challenge in honeypot deployment and operation. ...
This work was supported in part by a grant from the e-Enterprise Center at Purdue University, a gift from Microsoft Research, and grants from the National Science Foundation (OCI-0438246, OCI-0504261, ...
doi:10.1016/j.jpdc.2006.04.012
fatcat:x5z7jo4xfjeufpqtrlplwseraq
Data reduction for the scalable automated analysis of distributed darknet traffic
2005
Proceedings of the 5th ACM SIGCOMM conference on Internet measurement - IMC '05
In this paper we examine the properties of individual and distributed darknets to determine the effectiveness of building scalable hybrid systems. ...
One class of techniques that attempts to achieve this balance involves hybrid systems that combine the scalable monitoring of unused address blocks (or darknets) with forensic honeypots (or honeyfarms) ...
Of particular relevance is the recent work on the Potemkin Virtual Honeyfarm [39] in which the authors discuss a hybrid architecture with emphasis on a novel set of techniques for creating scalable per ...
doi:10.1145/1330107.1330135
fatcat:xzwchu5osja4tf6sn6anx63el4
Ethical, legal, and technical constraints however demand containment of resulting network activity in order to prevent the malware from harming others while still ensuring that it exhibits its inherent ...
We discuss GQ's architecture and implementation, our methodology for developing containment policies, and our experiences gathered from six years of development and operation of the system. ...
Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the funders.
REFERENCES [1] P. Barford ...
doi:10.1145/2068816.2068854
dblp:conf/imc/KreibichWKCP11
fatcat:vgiv6osgdrdjfgnzpqfvoktfsi
Enabling an Anatomic View to Investigate Honeypot Systems: A Survey
2017
IEEE Systems Journal
It is also useful for investigating the behaviour of attackers, and in particular, unknown attacks. ...
Finally, the taxonomy is applied to a wide set of tools and systems in order to demonstrate its validity and predict the tendency of honeypot development. ...
ACKNOWLEDGMENT The authors would like to thank Prof. D. Chadwick from the University of Kent, Canterbury, U.K., for conducting proofreading to improve the quality of this entire paper. ...
doi:10.1109/jsyst.2017.2762161
fatcat:nusjzggoabc5nc7lcocaemnkqm
Sensor in the Dark: Building Untraceable Large-Scale Honeypots Using Virtualization Technologies
2010
2010 10th IEEE/IPSJ International Symposium on Applications and the Internet
In addition, by virtually classifying the unused IP addresses into several groups, DarkPots enables us to perform several monitoring schemes simultaneously. ...
In order to tackle this problem, we propose a system called DarkPots, that consists of a large number of virtualized honeypots using unused and nonconsecutive IP addresses in a production network. ...
[25] also exploited a virtual machine architecture in an attempt to build a scalable and high-fidelity honeyfarm system called GQ. Rajab et al. ...
doi:10.1109/saint.2010.42
dblp:conf/saint/ShimodaMG10
fatcat:fik5wgd2srfrvgh47kg3jm6pyy
HoneyLab: Large-Scale Honeypot Deployment and Resource Sharing
2009
2009 Third International Conference on Network and System Security
We propose and build a shared infrastructure for deploying and monitoring honeypots, called HoneyLab, that is similar in spirit to PlanetLab. ...
Honeypots are valuable tools for detecting and analyzing malicious activity on the Internet. Successful and time-critical detection of such activity often depends on large-scale deployment. ...
This work was also supported in part by the Marie Curie Actions Reintegration Grants project PASS. Spiros Antonatos and Sotiris Ioannidis are also with University of Crete. ...
doi:10.1109/nss.2009.65
dblp:conf/nss/ChinMAI09
fatcat:3j2gcven6jgwzcvtb6yob3tcfe
Demystifying Deception Technology:A Survey
[article]
2018
arXiv
pre-print
In this work an extensive overview of the deception technology environment is presented. ...
Deception boosts security for systems and components by denial, deceit, misinformation, camouflage and obfuscation. ...
Acknowledgment This work has been supported by the Federal Ministry of Education and Research of the Federal Republic of Germany (Foerderkennzeichen KIS ITS , IUNO). ...
arXiv:1804.06196v1
fatcat:72zhe65le5hstovras43caqzdq
Versatile virtual honeynet management framework
2017
IET Information Security
It can also generate and manage the virtual honeynet through a dynamic configuration approach adapting to the mutable network environment. ...
In this study, the authors propose a versatile virtual honeynet management tool to address this problem. ...
Acknowledgments This research is supported in part by the National Natural Science Foundation of China (nos. 61440057, 61272087, 61363019 and 61073008), the Beijing Natural Science Foundation (nos. 4082016 ...
doi:10.1049/iet-ifs.2015.0256
fatcat:vig4dregwzb7biwxhxorbhoylq
Characterization and classification of malicious Web traffic
2014
Computers & security
We first explore the types and prevalence of malicious scans and attacks to Web systems, and the extent to which these malicious activities differ in different periods of time or on Web servers running ...
In addition to descriptive statistical analysis, we include an inferential statistical analysis of the malicious session attributes, such as duration, number of requests and bytes transferred in a session ...
Acknowledgments This work was funded in part by the National Science Foundation under the grants CNS-0447715 and CCF-0916284. The authors thank David Krovich, Jonathan Lynch and J. ...
doi:10.1016/j.cose.2014.01.006
fatcat:azawx4vvpzc6bnlvkwe3b2uzs4
Automated Attack Planning
[article]
2013
arXiv
pre-print
In this thesis, we are concerned with the specific context of regular automated pentesting, and use the term "attack planning" in that sense. The following three research directions are investigated. ...
These algorithms take into account the probability of success of the actions and their expected cost (for example in terms of execution time, or network traffic generated). ...
The latter project has privileged accuracy and virtualization over scalability and performance.The Potemkin Virtual Honeyfarm [VMC + 05] is another interesting prototype. ...
arXiv:1307.7808v1
fatcat:443ewryg2rcitplfyveonuyhny