Skip to Main Content
A distributed honeypot system is a collection of honeypots distributed throughout the Internet that send their data to a central analysis point. In such a system, the need for automation, flexibility, and transparency in data control, data capture, and honeypot cleanup is more readily satisfied with virtual machine technology than with native installations. The Distributed Honeypot Project at Dartmouth College's Institute for Security Technology Studies has extended (and proposed further extensions to) User-Mode Linux (UML), a virtual-machine version of the Linux operating system, to satisfy these needs. The extensions make UML a more suitable honeypot platform, and will be useful to any Linux-based honeypot researcher.
Date of Conference: 10-11 June 2004