13 Hits in 2.0 sec

Scalability, fidelity, and containment in the potemkin virtual honeyfarm

Michael Vrable, Justin Ma, Jay Chen, David Moore, Erik Vandekieft, Alex C. Snoeren, Geoffrey M. Voelker, Stefan Savage
2005 Proceedings of the twentieth ACM symposium on Operating systems principles - SOSP '05  
We have built a prototype honeyfarm system, called Potemkin, that exploits virtual machines, aggressive memory sharing, and late binding of resources to achieve this goal.  ...  In this paper, we describe an approach to minimize this tension and improve honeypot scalability by up to six orders of magnitude while still closely emulating the execution behavior of individual Internet  ...  Back at UCSD Marvin McNett kept the honeyfarm running in spite of our move across campus, and Colleen Shannon kept the packets flowing. Michelle Panik kept us organized and grammatical.  ... 
doi:10.1145/1095810.1095825 dblp:conf/sosp/VrableMCMVSVS05 fatcat:pshvbbhk3bayleqpmzzpom5r2e

Scalability, fidelity, and containment in the potemkin virtual honeyfarm

Michael Vrable, Justin Ma, Jay Chen, David Moore, Erik Vandekieft, Alex C. Snoeren, Geoffrey M. Voelker, Stefan Savage
2005 ACM SIGOPS Operating Systems Review  
We have built a prototype honeyfarm system, called Potemkin, that exploits virtual machines, aggressive memory sharing, and late binding of resources to achieve this goal.  ...  In this paper, we describe an approach to minimize this tension and improve honeypot scalability by up to six orders of magnitude while still closely emulating the execution behavior of individual Internet  ...  Back at UCSD Marvin McNett kept the honeyfarm running in spite of our move across campus, and Colleen Shannon kept the packets flowing. Michelle Panik kept us organized and grammatical.  ... 
doi:10.1145/1095809.1095825 fatcat:dmcj3n366zhqfeviqp2usry2vi

Taxonomy of honeynet solutions

Wenjun Fan, Zhihui Du, David Fernandez
2015 2015 SAI Intelligent Systems Conference (IntelliSys)  
In this paper, we propose such taxonomy, identifying the main criteria used for its classification and applying the classification scheme to some of the existing honeynet solutions, in order to quickly  ...  get a clear outline of the honeynet architecture and gain insight of the honeynet technology.  ...  fidelity and containment.  ... 
doi:10.1109/intellisys.2015.7361266 fatcat:d3gsa3kfarg6nglxtennnuk5te

Collapsar: A VM-based honeyfarm and reverse honeyfarm architecture for network attack capture and detention

Xuxian Jiang, Dongyan Xu, Yi-Min Wang
2006 Journal of Parallel and Distributed Computing  
A Collapsar center hosts and manages a large number of high-interaction virtual honeypots in a local dedicated network.  ...  The conflict between distributed presence and uniform management poses a major challenge in honeypot deployment and operation.  ...  This work was supported in part by a grant from the e-Enterprise Center at Purdue University, a gift from Microsoft Research, and grants from the National Science Foundation (OCI-0438246, OCI-0504261,  ... 
doi:10.1016/j.jpdc.2006.04.012 fatcat:x5z7jo4xfjeufpqtrlplwseraq

Data reduction for the scalable automated analysis of distributed darknet traffic

Michael Bailey, Evan Cooke, Farnam Jahanian, Niels Provos, Karl Rosaen, David Watson
2005 Proceedings of the 5th ACM SIGCOMM conference on Internet measurement - IMC '05  
In this paper we examine the properties of individual and distributed darknets to determine the effectiveness of building scalable hybrid systems.  ...  One class of techniques that attempts to achieve this balance involves hybrid systems that combine the scalable monitoring of unused address blocks (or darknets) with forensic honeypots (or honeyfarms)  ...  Of particular relevance is the recent work on the Potemkin Virtual Honeyfarm [39] in which the authors discuss a hybrid architecture with emphasis on a novel set of techniques for creating scalable per  ... 
doi:10.1145/1330107.1330135 fatcat:xzwchu5osja4tf6sn6anx63el4

GQ

Christian Kreibich, Nicholas Weaver, Chris Kanich, Weidong Cui, Vern Paxson
2011 Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conference - IMC '11  
Ethical, legal, and technical constraints however demand containment of resulting network activity in order to prevent the malware from harming others while still ensuring that it exhibits its inherent  ...  We discuss GQ's architecture and implementation, our methodology for developing containment policies, and our experiences gathered from six years of development and operation of the system.  ...  Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the funders. REFERENCES [1] P. Barford  ... 
doi:10.1145/2068816.2068854 dblp:conf/imc/KreibichWKCP11 fatcat:vgiv6osgdrdjfgnzpqfvoktfsi

Enabling an Anatomic View to Investigate Honeypot Systems: A Survey

Wenjun Fan, Zhihui Du, David Fernandez, Victor A. Villagra
2017 IEEE Systems Journal  
It is also useful for investigating the behaviour of attackers, and in particular, unknown attacks.  ...  Finally, the taxonomy is applied to a wide set of tools and systems in order to demonstrate its validity and predict the tendency of honeypot development.  ...  ACKNOWLEDGMENT The authors would like to thank Prof. D. Chadwick from the University of Kent, Canterbury, U.K., for conducting proofreading to improve the quality of this entire paper.  ... 
doi:10.1109/jsyst.2017.2762161 fatcat:nusjzggoabc5nc7lcocaemnkqm

Sensor in the Dark: Building Untraceable Large-Scale Honeypots Using Virtualization Technologies

Akihiro Shimoda, Tatsuya Mori, Shigeki Goto
2010 2010 10th IEEE/IPSJ International Symposium on Applications and the Internet  
In addition, by virtually classifying the unused IP addresses into several groups, DarkPots enables us to perform several monitoring schemes simultaneously.  ...  In order to tackle this problem, we propose a system called DarkPots, that consists of a large number of virtualized honeypots using unused and nonconsecutive IP addresses in a production network.  ...  [25] also exploited a virtual machine architecture in an attempt to build a scalable and high-fidelity honeyfarm system called GQ. Rajab et al.  ... 
doi:10.1109/saint.2010.42 dblp:conf/saint/ShimodaMG10 fatcat:fik5wgd2srfrvgh47kg3jm6pyy

HoneyLab: Large-Scale Honeypot Deployment and Resource Sharing

W.Y. Chin, Evangelos P. Markatos, Spiros Antonatos, Sotiris Ioannidis
2009 2009 Third International Conference on Network and System Security  
We propose and build a shared infrastructure for deploying and monitoring honeypots, called HoneyLab, that is similar in spirit to PlanetLab.  ...  Honeypots are valuable tools for detecting and analyzing malicious activity on the Internet. Successful and time-critical detection of such activity often depends on large-scale deployment.  ...  This work was also supported in part by the Marie Curie Actions Reintegration Grants project PASS. Spiros Antonatos and Sotiris Ioannidis are also with University of Crete.  ... 
doi:10.1109/nss.2009.65 dblp:conf/nss/ChinMAI09 fatcat:3j2gcven6jgwzcvtb6yob3tcfe

Demystifying Deception Technology: A Survey [article]

Daniel Fraunholz, Simon Duque Anton, Christoph Lipps, Daniel Reti, Daniel Krohmer, Frederic Pohl, Matthias Tammen, Hans Dieter Schotten
2018 arXiv   pre-print
In this work an extensive overview of the deception technology environment is presented.  ...  Deception boosts security for systems and components by denial, deceit, misinformation, camouflage and obfuscation.  ...  Acknowledgment This work has been supported by the Federal Ministry of Education and Research of the Federal Republic of Germany (Foerderkennzeichen KIS ITS , IUNO).  ... 
arXiv:1804.06196v1 fatcat:72zhe65le5hstovras43caqzdq

Versatile virtual honeynet management framework

Wenjun Fan, David Fernández, Zhihui Du
2017 IET Information Security  
It can also generate and manage the virtual honeynet through a dynamic configuration approach adapting to the mutable network environment.  ...  In this study, the authors propose a versatile virtual honeynet management tool to address this problem.  ...  Acknowledgments This research is supported in part by the National Natural Science Foundation of China (nos. 61440057, 61272087, 61363019 and 61073008), the Beijing Natural Science Foundation (nos. 4082016  ... 
doi:10.1049/iet-ifs.2015.0256 fatcat:vig4dregwzb7biwxhxorbhoylq

Characterization and classification of malicious Web traffic

Katerina Goseva-Popstojanova, Goce Anastasovski, Ana Dimitrijevikj, Risto Pantev, Brandon Miller
2014 Computers & security  
We first explore the types and prevalence of malicious scans and attacks to Web systems, and the extent to which these malicious activities differ in different periods of time or on Web servers running  ...  In addition to descriptive statistical analysis, we include an inferential statistical analysis of the malicious session attributes, such as duration, number of requests and bytes transferred in a session  ...  Acknowledgments This work was funded in part by the National Science Foundation under the grants CNS-0447715 and CCF-0916284. The authors thank David Krovich, Jonathan Lynch and J.  ... 
doi:10.1016/j.cose.2014.01.006 fatcat:azawx4vvpzc6bnlvkwe3b2uzs4

Automated Attack Planning [article]

Carlos Sarraute
2013 arXiv   pre-print
In this thesis, we are concerned with the specific context of regular automated pentesting, and use the term "attack planning" in that sense. The following three research directions are investigated.  ...  These algorithms take into account the probability of success of the actions and their expected cost (for example in terms of execution time, or network traffic generated).  ...  The latter project has privileged accuracy and virtualization over scalability and performance. The Potemkin Virtual Honeyfarm [VMC+05] is another interesting prototype.  ... 
arXiv:1307.7808v1 fatcat:443ewryg2rcitplfyveonuyhny