Honeypots: Tracking Hackers
Xen and the art of virtualization
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Monitoring and early warning for internet worms
Proceedings of the 10th ACM conference on Computer and communications security
ReVirt: enabling intrusion analysis through virtual-machine logging and replay
OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementationCopyright restrictions prevent ACM from being able to make the PDFs for this conference available for downloading
Forensix: A Robust, High-Performance Reconstruction System
ICDCSW '05 Proceedings of the Second International Workshop on Security in Distributed Computing Systems (SDCS) (ICDCSW'05) - Volume 02
Protection mechanisms for application service hosting platforms
CCGRID '04 Proceedings of the 2004 IEEE International Symposium on Cluster Computing and the Grid
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Implementing and testing a virus throttle
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Speculative Security Checks in Sandboxing Systems
IPDPS '05 Proceedings of the 19th IEEE International Parallel and Distributed Processing Symposium (IPDPS'05) - Workshop 17 - Volume 18
Trust but verify: monitoring remotely executing programs for progress and correctness
Proceedings of the tenth ACM SIGPLAN symposium on Principles and practice of parallel programming
Scalability, fidelity, and containment in the potemkin virtual honeyfarm
Proceedings of the twentieth ACM symposium on Operating systems principles
Using VMM-based sensors to monitor honeypots
Proceedings of the 2nd international conference on Virtual execution environments
Simulating non-scanning worms on peer-to-peer networks
InfoScale '06 Proceedings of the 1st international conference on Scalable information systems
Profiling self-propagating worms via behavioral footprinting
Proceedings of the 4th ACM workshop on Recurring malcode
CycleMeter: detecting fraudulent peers in internet cycle sharing
Proceedings of the 2006 ACM/IEEE conference on Supercomputing
SweetBait: Zero-hour worm detection and containment using low- and high-interaction honeypots
Computer Networks: The International Journal of Computer and Telecommunications Networking
Journal of Parallel and Distributed Computing - Special issue: Security in grid and distributed systems
Data reduction for the scalable automated analysis of distributed darknet traffic
IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
Honey@home: a new approach to large-scale threat monitoring
Proceedings of the 2007 ACM workshop on Recurring malcode
Stealthy malware detection through vmm-based "out-of-the-box" semantic view reconstruction
Proceedings of the 14th ACM conference on Computer and communications security
Compatibility is not transparency: VMM detection myths and realities
HOTOS'07 Proceedings of the 11th USENIX workshop on Hot topics in operating systems
Learning and Classification of Malware Behavior
DIMVA '08 Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Efficiently tracking application interactions using lightweight virtualization
Proceedings of the 1st ACM workshop on Virtual machine security
Hiding "real" machine from attackers and malware with a minimal virtual machine monitor
Proceedings of the 4th international conference on Security and privacy in communication netowrks
Journal of Systems and Software
Characterising Anomalous Events Using Change - Point Correlation on Unsolicited Network Traffic
NordSec '09 Proceedings of the 14th Nordic Conference on Secure IT Systems: Identity and Privacy in the Internet Age
ACM Transactions on Information and System Security (TISSEC)
Honeypot detection in advanced botnet attacks
International Journal of Information and Computer Security
"Out-of-the-Box" monitoring of VM-based high-interaction honeypots
RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
Vortex: enabling cooperative selective wormholing for network security systems
RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
A guest-transparent file integrity monitoring method in virtualization environment
Computers & Mathematics with Applications
Building a dark piconet upon bluetooth interfaces of computers
MILCOM'09 Proceedings of the 28th IEEE conference on Military communications
Monitoring remotely executing shared memory programs in software DSMs
IPDPS'06 Proceedings of the 20th international conference on Parallel and distributed processing
Dynamic monitoring of dark IP address space
TMA'11 Proceedings of the Third international conference on Traffic monitoring and analysis
Honeynet games: a game theoretic approach to defending network monitors
Journal of Combinatorial Optimization
GQ: practical containment for measuring modern malware systems
Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conference
The nepenthes platform: an efficient approach to collect malware
RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection
| Hi-index | 0.00 |
The honeypot has emerged as an effective tool to provide insights into new attacks and current exploitation trends. Though effective, a single honeypot or multiple independently operated honeypots only provide a limited local view of network attacks. Deploying and managing a large number of coordinating honeypots in different network domains will not only provide a broader and more diverse view, but also create potentials in global network status inference, early network anomaly detection, and attack correlation in large scale. However, coordinated honeypot deployment and operation require close and consistent collaboration across participating network domains, in order to mitigate potential security risks associated with each honeypot and the non-uniform level of security expertise in different network domains. It is challenging, yet desirable, to provide the two conflicting features of decentralized presence and uniform management in honeypot deployment and operation. To address these challenges, this paper presents Collapsar, a virtual-machine-based architecture for network attack detention. A Collapsar center hosts and manages a large number of high-interaction virtual honeypots in a local dedicated network. These honeypots appear, to potential intruders, as typical systems in their respective production networks. Decentralized logical presence of honeypots provides a wide diverse view of network attacks, while the centralized operation enables dedicated administration and convenient event correlation, eliminating the need for honeypot experts in each production network domain. We present the design, implementation, and evaluation of a Collapsar testbed. Our experiments with several real-world attack incidences demonstrate the effectiveness and practicality of Collapsar.