
Using honeynets for internet situational awareness

By Vinod Yegneswaran, Paul Barford and Vern Paxson

Abstract

Effective network security administration depends to a great extent on having accurate, concise, high-quality information about malicious activity in one's network. Honeynets can potentially provide such detailed information, but the volume and diversity of this data can prove overwhelming. In this paper we explore ways to integrate honeypot data into daily network security monitoring, with the goal of classifying and summarizing the data sufficiently to provide ongoing "situational awareness." We present such a system, built using the Bro NIDS, and discuss experiences drawn from six months of operation. One key aspect of this environment is its ability to provide insight into large-scale events. We look at the problem of accurately classifying botnet sweeps and worm outbreaks, which turns out to be difficult to grapple with due to the high dimensionality of such incidents. Using datasets collected during a number of these events, we explore the utility of several analysis methods, finding that when used together they show promise for contributing towards effective situational awareness.
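The abstract describes reducing a honeynet's raw connection attempts to a summary that distinguishes large-scale events (a single source sweeping many dark addresses, or many independent sources converging on one service) from background noise. The following is an added, self-contained illustration of that kind of per-port summarization in Python; it is not the paper's Bro-based system, and its event labels and thresholds (`min_targets`, `min_sources`) are illustrative assumptions, not the classification method the paper evaluates. The log format and every record in `SAMPLE_LOG` are constructed for the example.

```python
# Added example (not from the paper): summarize honeynet connection attempts
# per destination port and flag two coarse large-scale event shapes.
# The "sweep"/"outbreak" labels and the thresholds are assumed heuristics,
# not the paper's classifier.
from collections import defaultdict
from typing import List, NamedTuple, Tuple


class Conn(NamedTuple):
    ts: float     # seconds since epoch
    src: str      # external source address
    dst: str      # honeynet (dark) address that was contacted
    dport: int    # destination port
    proto: str    # "tcp" or "udp"


def parse_log(lines: List[str]) -> List[Conn]:
    """Parse constructed whitespace-separated records: ts src dst dport proto."""
    conns = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, dport, proto = line.split()
        conns.append(Conn(float(ts), src, dst, int(dport), proto))
    return conns


class PortSummary(NamedTuple):
    dport: int
    proto: str
    attempts: int                # total connection attempts to this port
    sources: int                 # distinct external sources
    targets: int                 # distinct honeynet addresses contacted
    max_targets_per_source: int  # widest single-source walk across the honeynet


def summarize_by_port(conns: List[Conn]) -> List[PortSummary]:
    """Collapse individual attempts into one row per (port, proto)."""
    attempts = defaultdict(int)
    srcs = defaultdict(set)
    dsts = defaultdict(set)
    per_src_targets = defaultdict(lambda: defaultdict(set))
    for c in conns:
        key = (c.dport, c.proto)
        attempts[key] += 1
        srcs[key].add(c.src)
        dsts[key].add(c.dst)
        per_src_targets[key][c.src].add(c.dst)
    rows = []
    for key in attempts:
        widest = max(len(t) for t in per_src_targets[key].values())
        rows.append(PortSummary(key[0], key[1], attempts[key],
                                len(srcs[key]), len(dsts[key]), widest))
    # Busiest ports first; ties broken by port number for a stable report.
    rows.sort(key=lambda s: (-s.attempts, s.dport))
    return rows


def classify(s: PortSummary, min_targets: int = 4, min_sources: int = 4) -> str:
    """Assumed heuristic: a source walking many dark addresses on one port is a
    'sweep'; many independent sources on the same port is an 'outbreak';
    anything else is 'background'."""
    if s.max_targets_per_source >= min_targets:
        return "sweep"
    if s.sources >= min_sources:
        return "outbreak"
    return "background"


def report(lines: List[str]) -> List[Tuple[PortSummary, str]]:
    """Full pipeline: raw log lines -> sorted (summary, label) rows."""
    return [(s, classify(s)) for s in summarize_by_port(parse_log(lines))]


# Constructed sample, not real capture data. 192.0.2.0/24 plays the honeynet;
# 198.51.100.0/24 and 203.0.113.0/24 play external sources.
SAMPLE_LOG = """
# ts   src            dst          dport proto
1000 198.51.100.1   192.0.2.10   445  tcp
1001 198.51.100.1   192.0.2.11   445  tcp
1002 198.51.100.1   192.0.2.12   445  tcp
1003 198.51.100.1   192.0.2.13   445  tcp
1004 198.51.100.1   192.0.2.14   445  tcp
1010 203.0.113.1    192.0.2.20   135  tcp
1011 203.0.113.2    192.0.2.21   135  tcp
1012 203.0.113.3    192.0.2.20   135  tcp
1013 203.0.113.4    192.0.2.22   135  tcp
1014 203.0.113.5    192.0.2.20   135  tcp
1020 198.51.100.7   192.0.2.30   22   tcp
1021 198.51.100.8   192.0.2.30   22   tcp
"""

if __name__ == "__main__":
    for s, label in report(SAMPLE_LOG.splitlines()):
        print(f"{s.dport}/{s.proto}: {s.attempts} attempts, {s.sources} sources, "
              f"{s.targets} targets, widest walk {s.max_targets_per_source} -> {label}")
```

On the sample, 445/tcp collapses to one source touching five dark addresses (labelled a sweep), 135/tcp to five sources hitting three addresses (labelled an outbreak), and 22/tcp to two attempts against one address (background). The two counters that drive the split, distinct sources versus widest single-source walk, are the kind of low-dimensional projection that makes a day's honeynet traffic readable; the abstract's point is that real events rarely separate this cleanly, which is why the paper combines several analysis methods rather than relying on one such heuristic.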

Year: 2005
OAI identifier: oai:CiteSeerX.psu:10.1.1.135.4090
Provided by: CiteSeerX
Full text (external links):
  • http://citeseerx.ist.psu.edu/v... (external link)
  • http://cs.wisc.edu/~vinod/hotn... (external link)