Honey@home: A New Approach to Large-Scale Threat Monitoring

7 Author(s)
Antonatos, S. ; Found. for Res. & Technol. - Hellas, Inst. of Comput. Sci., Heraklio ; Athanatos, M. ; Kondaxis, G. ; Velegrakis, J.

Honeypots have been proven to be very useful for accurately detecting attacks, including zero-day threats, at a reasonable cost and with zero false positives. However, there are two pressing problems with existing approaches. The first problem is that timely detection requires deployment of honeypots in a large fraction of the network address space, which many organizations or ISPs cannot afford. The second problem is that attackers are evolving, and it has been shown that it is not difficult for them to identify honeypots and develop blacklists to avoid them when launching a new attack. In response to these problems, we propose a new architecture that enables large-scale deployment at low cost, while making it harder for attackers to maintain accurate blacklists. The Honey@home architecture relies on communities of regular users installing a lightweight honeypot that monitors unused IP addresses and ports. Since it does not require the static allocation of valuable chunks of network address space, and considering the success of other community-based approaches such as seti@home and folding@home, our approach is well-suited for creating a large-scale honeypot infrastructure at low cost. Since participation in the system is dynamic as users come and go, it becomes harder for attackers to maintain accurate blacklists. In this paper we discuss the current design of the Honey@home architecture and a preliminary implementation, and describe the design issues that we faced, especially with respect to infrastructure robustness, the challenges we have to deal with, and the effectiveness of our approach.

Published in:

Information Security Threats Data Collection and Sharing, 2008. WISTDCS '08. WOMBAT Workshop on

Date of Conference:

21-22 April 2008