Sixth Framework Programme Structuring the European Research Area Specific Programme Research Infrastructures Action
Abstract
Traditional honeypots listen to unused IP address space waiting for attackers to contact them. Shadow honeypots present another perspective; they demonstrate how honeypots can be coupled with production systems to enhance their security. Based on the observation that attack traffic is considerably less than normal traffic, shadow honeypots propose to use an anomaly detection system (ADS) as a first-pass filter and high-interaction honeypots for verifying the traffic marked by the ADS as suspicious. In this document, we present the design and implementation of a shadow honeypot tailored to protect web servers. We measure its performance in terms of how many requests it can serve and the imposed overhead for various settings and conditions. Finally, we present how we can overcome the current limitations of our design, discuss issues regarding a generic shadow honeypot architecture, and propose future steps to improve our approach.
Similar resources
Sixth Framework Programme Structuring the European Research Area Specific Programme Research Infrastructures Action
This document discusses the optimization of the NoAH components with respect to the detection speed of novel cyberattacks, the accuracy of the detection methods, the effectiveness of the virtual machine containment environment, and the robustness of the NoAH infrastructure against malfunctions and/or malicious attacks.
Sixth Framework Programme Structuring the European Research Area Specific Programme Research Infrastructures Action Contractual Date of Delivery M12 Actual Date of Delivery M13 Deliverable Security Class Public
This document describes the design of the NoAH containment environment. The environment, known as Argos, is intended for use in a high-interaction honeypot that runs real services on any operating system. Unlike most other systems, we do not require the traffic arriving at the honeypot to be suspect to begin with, as Argos is designed to detect zero-day attacks.
Sixth Framework Programme Structuring the European Research Area Specific Programme Research Infrastructures Action D0.1: Survey on the State-of-the-art
The aim of the NoAH deliverable D0.1 is to summarise and to analyse the state-of-the-art related to the aims of the NoAH project. This document focuses on surveying existing honeypot architectures and security monitoring infrastructures, contrasting their relative advantages, and investigating their interoperability issues. The state-of-the-art is divided into the three categories projects, to...
Comparative analysis of university-government-enterprise co-authorship networks in three scientific domains in the region of Madrid
For some time now, the relationship between university and private enterprise has been receiving increasing attention, both from research policy planners and managers, with a view to enhancing cooperation, and from researchers analysing and seeking to improve and make such collaboration more effective through networking. The European Union’s Sixth Framework Programme, for instance, designed a s...
Advances in Sharing and Managing Knowledge about European Research Infrastructures
The MERIL project is supported by the European Commission under Framework Programme 7 - Contract # 262159. The MERIL initiative - aims to achieve a comprehensive inventory of research infrastructures in Europe of more than national relevance - to make the information publicly available through ...