Honeynet Clusters as an early Warning System for Production Networks

Sushan Sudaharan, Srikrishna Dhammalapati, Sijan Rai, Duminda Wijesekera

Abstract

Due to the prevalence of distributed and coordinated Internet attacks, many researchers and network administrators study the nature and strategies of attackers. Honeynets are deployed to attract potential attackers so that their modus operandi can be investigated by analyzing event logs, intrusion detection system alerts and active network monitoring. Our goal is to use Honeynet clusters as real-time warning systems for production networks. Towards this objective, we have built a Honeynet cluster and run experiments to determine its effectiveness. The majority of Honeynets function in isolation, not sharing information in real time. To rectify this deficiency, we built a federation of cooperating Honeynets (referred to as a Honeynet cluster) that shares knowledge of malicious traffic. This paper describes the methods used in building a hardware-assisted Honeynet cluster and testing its effectiveness.
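The abstract describes the cluster only at the level of "cooperating Honeynets that share knowledge of malicious traffic" and act as an early warning for a production network. The following Python sketch is an added illustration of that idea, not code from the paper or its authors: several honeynet nodes submit reports of the sources they observe, a coordinator correlates them, and a source is escalated to a warning once it has been seen by at least `min_nodes` distinct honeynets within a sliding time window. The `Report` record layout, the threshold and window values, the node names, the RFC 5737 sample addresses and the `SAMPLE_REPORTS` feed are all constructed for this example.

```python
"""Toy honeynet cluster coordinator (illustrative example, not the paper's code).

Each cooperating honeynet submits a Report for traffic that hit one of its
honeypots. The coordinator keeps a sliding window of reports per source and
raises a warning for the production network once enough independent
honeynets have reported the same source. All thresholds are assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Report:
    node: str      # name of the honeynet that saw the traffic
    src_ip: str    # source address of the suspicious connection
    dst_port: int  # port it targeted on the honeypot
    ts: float      # observation time in seconds (constructed clock)


class ClusterCoordinator:
    """Correlates reports from cooperating honeynets.

    A source is escalated once at least `min_nodes` distinct honeynets have
    reported it inside a sliding `window` (seconds). Both defaults are
    assumed values chosen for this example.
    """

    def __init__(self, min_nodes: int = 2, window: float = 300.0):
        self.min_nodes = min_nodes
        self.window = window
        self._events = defaultdict(list)  # src_ip -> [(node, port, ts)]
        self.warned = set()               # sources already escalated

    def ingest(self, r: Report) -> Optional[dict]:
        """Record a report; return a warning dict when the threshold is crossed."""
        cutoff = r.ts - self.window
        # Keep only events still inside the window, then add the new one.
        kept = [e for e in self._events[r.src_ip] if e[2] >= cutoff]
        kept.append((r.node, r.dst_port, r.ts))
        self._events[r.src_ip] = kept
        nodes = {n for n, _, _ in kept}
        if len(nodes) >= self.min_nodes and r.src_ip not in self.warned:
            self.warned.add(r.src_ip)
            return {
                "src_ip": r.src_ip,
                "nodes": sorted(nodes),
                "ports": sorted({p for _, p, _ in kept}),
                "first_seen": min(t for _, _, t in kept),
                "last_seen": r.ts,
            }
        return None

    def is_hostile(self, src_ip: str) -> bool:
        """Lookup a production sensor or firewall would make before admitting traffic."""
        return src_ip in self.warned


# Constructed sample feed, as if collected from three honeynets.
SAMPLE_REPORTS = [
    Report("honeynet-A", "203.0.113.7", 22, 100.0),
    Report("honeynet-A", "198.51.100.9", 445, 105.0),
    Report("honeynet-B", "203.0.113.7", 22, 130.0),   # second node -> warning
    Report("honeynet-A", "192.0.2.5", 80, 140.0),
    Report("honeynet-C", "203.0.113.7", 80, 160.0),   # already warned, no duplicate
    Report("honeynet-C", "192.0.2.5", 80, 1400.0),    # >300 s later: window expired
]


def run_sample(min_nodes: int = 2, window: float = 300.0):
    """Feed SAMPLE_REPORTS through a coordinator; return it and the warnings raised."""
    coord = ClusterCoordinator(min_nodes, window)
    warnings = []
    for r in SAMPLE_REPORTS:
        w = coord.ingest(r)
        if w:
            warnings.append(w)
    return coord, warnings


if __name__ == "__main__":
    coord, warnings = run_sample()
    for w in warnings:
        print(f"WARNING {w['src_ip']} seen by {', '.join(w['nodes'])} "
              f"on ports {w['ports']} between t={w['first_seen']} and t={w['last_seen']}")
    for ip in ("203.0.113.7", "198.51.100.9", "192.0.2.5"):
        print(ip, "blocked" if coord.is_hostile(ip) else "allowed")
```

With the default settings only 203.0.113.7 is escalated: 198.51.100.9 was seen by a single honeynet, and the two sightings of 192.0.2.5 are too far apart to fall inside one window. Widening the window (for example `run_sample(window=10000.0)`) turns the second case into a warning as well, which is the trade-off a real deployment has to make between early detection and false escalations from unrelated scanners.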



Paper Citation


in Harvard Style

Sudaharan S., Dhammalapati S., Rai S. and Wijesekera D. (2005). Honeynet Clusters as an early Warning System for Production Networks. In Proceedings of the 3rd International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2005) ISBN 972-8865-25-2, pages 77-83. DOI: 10.5220/0002569700770083


in Bibtex Style

@conference{wosis05,
author={Sushan Sudaharan and Srikrishna Dhammalapati and Sijan Rai and Duminda Wijesekera},
title={Honeynet Clusters as an early Warning System for Production Networks},
booktitle={Proceedings of the 3rd International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2005)},
year={2005},
pages={77-83},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002569700770083},
isbn={972-8865-25-2},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 3rd International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2005)
TI - Honeynet Clusters as an early Warning System for Production Networks
SN - 972-8865-25-2
AU - Sudaharan S.
AU - Dhammalapati S.
AU - Rai S.
AU - Wijesekera D.
PY - 2005
SP - 77
EP - 83
DO - 10.5220/0002569700770083