论文信息 - Next-Generation Honeynet Technology with Real-Time Forensics for U.S. Defense

Next-Generation Honeynet Technology with Real-Time Forensics for U.S. Defense

High-interaction honeynets are extraordinary intrusion intelligence tools. Unfortunately, their power has come at a significant cost. Forensic analysis can be cumbersome and labor intensive, management burdens are often onerous, and compromised honeynets present a risk of being used to stage further attacks. In short, these high-interaction intelligence tools have lacked operational agility. We present a novel approach to honeypot architecture that combines advances in virtualization, low-level introspection, signature generation, and forensic analysis to construct a real-time, high-interaction intrusion intelligence and prevention tool.

Alen Capalik

[1] James Newsome,et al. Dynamic Taint Analysis for Automatic Detection, Analysis, and SignatureGeneration of Exploits on Commodity Software , 2005, NDSS.

[2] Herbert Bos,et al. Argos: an emulator for fingerprinting zero-day attacks for advertised honeypots with automatic signature generation , 2006, EuroSys.

[3] Jon Crowcroft,et al. Honeycomb , 2004, Comput. Commun. Rev..

[4] Samuel T. King,et al. Detecting past and present intrusions through vulnerability-specific predicates , 2005, SOSP '05.

[5] Niels Provos,et al. A Virtual Honeypot Framework , 2004, USENIX Security Symposium.

[6] N. Rowe. Deception in defense of computer systems from cyber-attack , 2007 .

[7] Tal Garfinkel,et al. A Virtual Machine Introspection Based Architecture for Intrusion Detection , 2003, NDSS.