By Topic

Distributed Honeypot log management and visualization of attacker geographical distribution

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

4 Author(s)
Vasaka Visoottiviseth ; Faculty of Information and Communication Technology, Mahidol University, Nakhon Pathom, Thailand 73170 ; Uttapol Jaralrungroj ; Ekkachai Phoomrungraungsuk ; Pongpak Kultanon

Honeypot is a prominent technology that helps us learn new hacking techniques from attackers and intruders. The much information from multiple Honeypot servers, the more appropriate signatures we can generate. To ease the administrator to manage and monitor trace files from multiple Honeypot servers that are distributed in various locations at the same time, in this paper we design and implement a prototype of log management server to automatically and periodically collect log files from them. Information reported by each Honeypot server will be sent in secure manner to the log management server. The log management server then parses the information into the database server, where users can search for specific information through the web interface, such as searching based on one or two Honeypot servers. Moreover, the geographical distribution of attackers is visualized in the world map by utilizing the WHOIS database and GeoPlot software.

Published in:

Computer Science and Software Engineering (JCSSE), 2011 Eighth International Joint Conference on

Date of Conference:

11-13 May 2011