论文信息 - Learning More About Attack Patterns With Honeypots

Learning More About Attack Patterns With Honeypots

Honeypots are information system resources, whose value lies in unauthorized or illicit use of these resources. In this paper, we present a project that has established a world-wide distributed sensor system of honeypots. Within this system, each platform has the same configuration, thus allowing us to compare the collected data of each platform. And since all platforms send all logging data to a central database, this enables us to correlate all data and draw conclusions from it. Besides presenting the project, we show how the collected data can be used to learn more about attack patterns. In addition, we illustrate how we can learn more about root-causes of attacks, i.e., specific tools or techniques used by attackers.

Thorsten Holz

[1] Till Dörges,et al. Ein Netzwerk von IDS-Sensoren für Angriffsstatistiken , 2004 .

[2] Stefan Savage,et al. Inferring Internet denial-of-service activity , 2001, TOCS.

[3] Farnam Jahanian,et al. The Internet Motion Sensor - A Distributed Blackhole Monitoring System , 2005, NDSS.

[4] Niels Provos,et al. A Virtual Honeypot Framework , 2004, USENIX Security Symposium.

[5] Thorsten Holz,et al. A Pointillist Approach for Comparing Honeypots , 2005, DIMVA.

[6] Fabien Pouget,et al. Honeypot-based forensics , 2004 .

[7] Vishal Malik,et al. Distributed intrusion detection system , 2002 .

[8] Zhuoqing Morley Mao,et al. Toward understanding distributed blackhole placement , 2004, WORM '04.

[9] Felix C. Freiling,et al. Vulnerability Assessment using Honeypots , 2004, PIK Prax. Informationsverarbeitung Kommun..

[10] Somesh Jha,et al. Global Intrusion Detection in the DOMINO Overlay System , 2004, NDSS.

[11] Robert Stone,et al. A Snapshot of Global Internet Worm Activity , 2001 .