DarkNOC: dashboard for honeypot management

Authors:
Bertrand Sobesto;Michel Cukier;Matti Hiltunen;Dave Kormann;Gregg Vesonder;Robin Berthier
Affiliations:
Clark School of Engineering, University of Maryland, College Park, MD;Clark School of Engineering, University of Maryland, College Park, MD;AT&T Labs Research, Florham Park, NJ;AT&T Labs Research, Florham Park, NJ;AT&T Labs Research, Florham Park, NJ;Coordinated Science Laboratory, Information Trust Institute, University of Illinois, Urbana-Champaign, IL
Venue:
LISA'11 Proceedings of the 25th international conference on Large Installation System Administration
Year:
2011

Citing 17
Cited 0

Honeypots: Tracking Hackers

Honeypots: Tracking Hackers
Honeypots for Distributed Denial of Service Attacks

WETICE '02 Proceedings of the 11th IEEE International Workshops on Enabling Technologies: nfrastructure for Collaborative Enterprises
NVisionIP: netflow visualizations of system state for security situational awareness

Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
Snort - Lightweight Intrusion Detection for Networks

LISA '99 Proceedings of the 13th USENIX conference on System administration
Scalability, fidelity, and containment in the potemkin virtual honeyfarm

Proceedings of the twentieth ACM symposium on Operating systems principles
A year in the life of the Irish honeynet: attacked, probed and bruised but still fighting

Information-Knowledge-Systems Management
Why phishing works

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Profiling Attacker Behavior Following SSH Compromises

DSN '07 Proceedings of the 37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks
Virtual honeypots: from botnet tracking to intrusion detection

Virtual honeypots: from botnet tracking to intrusion detection
The Honeywall CD-ROM

IEEE Security and Privacy
SGNET: A Worldwide Deployable Framework to Support the Analysis of Malware Threat Models

EDCC-7 '08 Proceedings of the 2008 Seventh European Dependable Computing Conference
Characterization of Attackers' Activities in Honeypot Traffic Using Principal Component Analysis

NPC '08 Proceedings of the 2008 IFIP International Conference on Network and Parallel Computing
An evaluation of connection characteristics for separating network attacks

International Journal of Security and Networks
Experiences with the NoAH Honeynet Testbed to Detect new Internet Worms

IMF '09 Proceedings of the 2009 Fifth International Conference on IT Security Incident Management and IT Forensics
AlienVault: the future of security information management

Linux Journal
Nfsight: netflow-based network awareness tool

LISA'10 Proceedings of the 24th international conference on Large installation system administration
The nepenthes platform: an efficient approach to collect malware

RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection

Quantified Score

Hi-index	0.00

Visualization

Abstract

Protecting computer and information systems from security attacks is becoming an increasingly important task for system administrators. Honeypots are a technology often used to detect attacks and collect information about techniques and targets (e.g., services, ports, operating systems) of attacks. However, managing a large and complex network of honeypots becomes a challenge given the amount of data collected as well as the risk that the honeypots may become infected and start attacking other machines. In this paper, we present DarkNOC, a management and monitoring tool for complex honeynets consisting of different types of honeypots as well as other data collection devices. DarkNOC has been actively used to manage a honeynet consisting of multiple subnets and hundreds of IP addresses. This paper describes the architecture and a number of case studies demonstrating the use of DarkNOC.