Protecting computer and information systems from security attacks is becoming an increasingly important task for system administrators. Honeypots are a technology often used to detect attacks and collect information about techniques and targets (e.g., services, ports, operating systems) of attacks. However, managing a large and complex network of honeypots becomes a challenge given the amount of data collected as well as the risk that the honeypots may become infected and start attacking other machines. In this paper, we present DarkNOC, a management and monitoring tool for complex honeynets consisting of different types of honeypots as well as other data collection devices. DarkNOC has been actively used to manage a honeynet consisting of multiple subnets and hundreds of IP addresses. This paper describes the architecture and a number of case studies demonstrating the use of DarkNOC.