论文信息 - SGNET: Implementation insights

SGNET: Implementation insights

We present in this paper SGNET, a distributed framework to collect information on Internet attacks, with special attention to self-propagating malware and code injections. This framework is the result of our latest research work on the so-called ScriptGen technology. It is characterized by several unique characteristics that may allow it to provide in the future an extremely interesting perspective on the Internet attacks. In order to make it possible, we need to spread its observation points as much as possible to obtain a complete view on the different blocks of the IP space. We present here an overview of the characteristics of its design with special focus on the possibility to expand it and improve it with additional functional blocks. The SGNET is in fact an open initiative, integrating together tools produced by different research teams such as Argos (VU Amsterdam), Nepenthes, Anubis (TU Wien) and VirusTotal (Hispasec Sistemas). Everybody is welcome and encouraged to participate to this initiative, by hosting observation points and/or by extending this framework with additional modules.

Marc Dacier | Corrado Leita | C. Leita | M. Dacier

[1] Marc Dacier,et al. Honeypots: practical means to validate malicious fault assumptions , 2004, 10th IEEE Pacific Rim International Symposium on Dependable Computing, 2004. Proceedings..

[2] L. Spitzner,et al. Honeypots: Tracking Hackers , 2002 .

[3] Marc Dacier,et al. SGNET: A Worldwide Deployable Framework to Support the Analysis of Malware Threat Models , 2008, 2008 Seventh European Dependable Computing Conference.

[4] U. Bayer,et al. TTAnalyze: A Tool for Analyzing Malware , 2006 .

[5] Marc Dacier,et al. ScriptGen: an automated script generation tool for Honeyd , 2005, 21st Annual Computer Security Applications Conference (ACSAC'05).

[6] Herbert Bos,et al. Argos: an emulator for fingerprinting zero-day attacks for advertised honeypots with automatic signature generation , 2006, EuroSys.

[7] Marc Dacier,et al. Automatic Handling of Protocol Dependencies and Reaction to 0-Day Attacks with ScriptGen Based Honeypots , 2006, RAID.

[8] Farnam Jahanian,et al. The Internet Motion Sensor - A Distributed Blackhole Monitoring System , 2005, NDSS.

[9] Zhuoqing Morley Mao,et al. Toward understanding distributed blackhole placement , 2004, WORM '04.

[10] Van-Hau Pham,et al. on the Advantages of Deploying a Large Scale Distributed Honeypot Platform , 2005 .

[11] Felix C. Freiling,et al. The Nepenthes Platform: An Efficient Approach to Collect Malware , 2006, RAID.