Sciweavers

RAID
2007
Springer

"Out-of-the-Box" Monitoring of VM-Based High-Interaction Honeypots

14 years 5 months ago
"Out-of-the-Box" Monitoring of VM-Based High-Interaction Honeypots
Honeypot has been an invaluable tool for the detection and analysis of network-based attacks by either human intruders or automated malware in the wild. The insights obtained by deploying honeypots, especially high-interaction ones, largely rely on the monitoring capability on the honeypots. In practice, based on the location of sensors, honeypots can be monitored either internally or externally. Being deployed inside the monitored honeypots, internal sensors are able to provide a semantic-rich view on various aspects of system dynamics (e.g., system calls). However, their very internal existence makes them visible, tangible, and even subvertible to attackers after break-ins. From another perspective, existing external honeypot sensors (e.g., network sniffers) could be made invisible to the monitored honeypot. However, they are not able to capture any internal system events such as system calls executed. It is desirable to have a honeypot monitoring system that is invisible, tamperresi...
Xuxian Jiang, Xinyuan Wang
Added 09 Jun 2010
Updated 09 Jun 2010
Type Conference
Year 2007
Where RAID
Authors Xuxian Jiang, Xinyuan Wang
Comments (0)