Distributed Honeypot log management and visualization of attacker geographical distribution

A Honeypot is a prominent technology that helps us learn new hacking techniques from attackers and intruders. The more information we gather from multiple Honeypot servers, the more appropriate the signatures we can generate. To make it easier for administrators to manage and monitor trace files from multiple Honeypot servers distributed across various locations at the same time, in this paper we design and implement a prototype log management server that automatically and periodically collects log files from them. Information reported by each Honeypot server is sent in a secure manner to the log management server. The log management server then parses the information into the database server, where users can search for specific information through the web interface, such as searching based on one or two Honeypot servers. Moreover, the geographical distribution of attackers is visualized on a world map by utilizing the WHOIS database and GeoPlot software.
