Honeypots have been shown to be very useful for accurately detecting attacks, including zero-day threats, at a reasonable cost and without false positives. However, there are two pressing problems with existing approaches. The first problem is that timely detection requires deployment of honeypots in a large fraction of the network address space, which many organizations cannot afford. The second problem is that attackers are evolving, and it has been shown that it is not difficult for them to identify honeypots and develop blacklists to avoid them when launching an attack. In response to these problems, we propose a new architecture that enables large-scale deployment at low cost, while making it harder for attackers to maintain accurate blacklists. The Honey@home architecture relies on communities of regular users installing a lightweight honeypot that monitors unused addresses and ports. Because it does not require the static allocation of valuable chunks of network address space, and considering the success of other community-based approaches such as seti@home, our approach is well-suited for creating a large-scale honeypot infrastructure at low cost. Since participation in the system is dynamic as users come and go, it becomes harder for attackers to maintain accurate blacklists. In this paper we discuss the current design of the Honey@home architecture and a preliminary implementation, and describe the design issues that we faced, especially with respect to infrastructure robustness, the challenges we have to deal with, and the effectiveness of our approach.