Abstract
Honeyfarm is a model to deploy honeypots for global network attack monitoring, correlation and forensic analysis. Data control is a fundamental problem in the honeyfarm to protect the Internet from being attacked by compromised honeypots in the honeyfarm, while providing a controlled environment for worm behaviour study. However, this problem is not well addressed in a limited number of existing implementations. This paper presents a honeyfarm system and focuses on the design of a data control mechanism based on Intrusion detection and Data redirection (DOID). Comprehensive experiments including attack event tracing, worm behaviour study and forensic analysis display that DOID is a good tool for attack monitoring and forensic analysis.
The work is supported by the NSFC project 61702542 and the China Postdoctoral Science Foundation project 2016M603017.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Jiang, X., Xu, D., Wang, Y.-M.: Collapsar: AVM-based honeyfarm and reverse honeyfarm architecture for network attack capture and detention. J. Parallel Distrib. Comput. 66, 1165–1180 (2006)
Vrable, M., Ma, J., Chen, J., Moore, D., Vandekieft, E., Snoeren, A.C., Voelker, G.M., Savage, S.: Scalability, fidelity, and containment in the potemkin virtual honeyfarm. In: Proceedings of the ACM Symposium on Operating Systems Principles. ACM, Brighton, October 2005
Spitzner, L.: Honeypots: Tracking Hackers, pp. 1–480. Addison Wesley, Boston (2002)
Burkhart, M., Schatzmann, D., Trammell, B., Boschi, E., Plattner, B.: The role of network trace anonymization under attack. SIGCOMM Comput. Commun. Rev. 40(1), 5–11 (2010)
Jain, P., Sardana, A.: Defending against internet worms using honeyfarm. In: Proceedings of the CUBE International Information Technology Conference, CUBE 2012, Pune, India, pp. 795–800. ACM (2012)
Krishnan, S., Snow, K.Z., Monrose, F.: Trail of bytes: efficient support for forensic analysis. In: Proceedings of the 17th ACM CCS, Chicago, Illinois, USA, pp. 50–60. ACM (2010)
Metasploitable2. https://community.rapid7.com/docs/DOC-1875
Tor technology. http://www.torproject.org/
Kaur, R., Singh, M.: A survey on zero-day polymorphic worm detection techniques. IEEE Commun. Surv. Tutor. 16(3), 1520–1549 (2014)
Abbasi, F.H., Harris, R.J.: Experiences with a generation III virtual honeynet. In: Proceedings of ATNAC, pp. 1–9 (2009)
Kumar, S., Singh, P., Sehgal, R., Bhatia, J.S.: Distributed honeynet system using Gen III virtual honeynet. Int. J. Comput. Theory Eng. 4(4), 537–541 (2012)
Kim, I.S., Kim, M.H.: Agent-based honeynet framework for protecting servers in campus networks. IET Inf. Secur. 6(3), 202–211 (2012)
He, X.-Y., Lam, K.-Y., Chung, S.-L., Chi, C.-H., Sun, J.-G.: Real-time emulation of intrusion victim in honeyfarm. In: Chi, C.-H., Lam, K.-Y. (eds.) AWCC 2004. LNCS, vol. 3309, pp. 143–154. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-30483-8_18
Kreibich, C., Weaver, N., Kanich, C., Cui, W., Paxson, V.: GQ: practical containment for measuring modern malware systems. In: Proceedings of the 2011 ACM SIGCOMM IMC, Toronto, Canada, pp. 397–412. ACM (2011)
Al Fahdi, M., Clarke, N.L., Li, F., Furnell, S.M.: A suspect-oriented intelligent and automated computer forensic analysis. Digit. Invest. 18, 65–76 (2016)
da Cruz Nassif, L.F., Huschka, E.R.: Document clustering for forensic analysis: an approach for improving computer inspection. IEEE Trans. Inf. Forensics Secur. 8(1), 46–54 (2013)
Ovens, K.M., Morison, G.: Forensic analysis of Kik messenger on iOS devices. Digit. Invest. 17, 40–52 (2016)
Walnycky, D., Baggili, I., Marrington, A., Moore, J., Breitinger, F.: Network and device forensic analysis of android social-messaging applications. Digit. Invest. 14, 77–84 (2015)
Anglano, C.: Forensic analysis of whatsapp messenger on android smartphones. Digit. Invest. 11, 201–213 (2014)
Vrable, M., Ma, J., Chen, J., Moore, D., Vandekieft, E., Snoeren, A.C., Voelker, G.M., Savage, S.: A forensic analysis of android malware how is malware written and how it could be detected? In: Proceedings of IEEE 38th Annual International Computer, Software and Applications Conference (2014)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Yin, W., Zhou, H., Yang, C. (2018). A Honeyfarm Data Control Mechanism and Forensic Study. In: Li, B., Shu, L., Zeng, D. (eds) Communications and Networking. ChinaCom 2017. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 237. Springer, Cham. https://doi.org/10.1007/978-3-319-78139-6_37
Download citation
DOI: https://doi.org/10.1007/978-3-319-78139-6_37
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-78138-9
Online ISBN: 978-3-319-78139-6
eBook Packages: Computer ScienceComputer Science (R0)