gokul seminar

BITS Pilani Hyderabad Campus Co-operative Deployment in a Honeynet System Gokul Kannan. S

Upload: pratik-narang

Post on 07-May-2015


BITS Pilani Hyderabad Campus

Co-operative Deployment in a Honeynet System

Gokul Kannan. S

Authors: Haifeng Wang, Wingkui Chen

Publication: 2010: 14th International Conference on Computer Supported Co-operative Work in Design

Objective:

To make honeypots easier to deploy and more difficult to detect.

Design of Co-operative Deployment in a Distributed Honeynet System


Architecture


Multi-Agent System (MAS)

• Multiple agent systems
• Agent system (Autonomous System)
  • The term "autonomous" originates from the Greek terms autos, meaning self, and nomos, meaning rule or law.
  • Enabling systems to operate independently, without external intervention.
• Intelligent Systems (systems running AI algorithms)
• Communication, Monitoring, Decision-Making
• Goal-based
  • Learn & reason towards achieving their goals
  • Same goal

Multi-Agent System (MAS)

• 3 types of agents (as per this paper)
  • Honeypot Agent (H.Ag)
    – Monitors a set of honeypots
    – Sends report to D.Ag
    – Executor of deployment
  • Host collector Agent (C.Ag)
    – Collects information about the network
    – Sends report to D.Ag
  • Deploy Agent (D.Ag)
    – Gets reports from C.Ag and H.Ag
    – Communicates with other D.Ag (if a best deploy scheme is available)

Honey-Farm System (HFS)

• Contains a collection of virtual honeypots
• Induce degree – the capacity of inducing attackers
• Virtual honeypots can be one of the following
  • Low Interaction
  • High Interaction
  • Medium Interaction

Computer Network System

• Contains a set of computer nodes
• OS type: Windows (different versions), Linux
• Host-alter degree
  • Host changing rule
  • IPActive

Challenges in deployment

• Type of interaction (low, high, medium)
• Honeypot position
  • Outside the security system
  • Inside the security system (DMZ)
  • Sub-networks behind firewall
  • Inside the intranet
  • etc.
• Distribution of honeypots
  • Nh – no. of honeypots
  • Np – no. of computers
  • P – rate of protection

Co-operative Deploy Strategy

Algorithm 1: Collect status of computer network

Algorithm 2: Collect status of honeyfarm

Algorithm 3: Learning & Final Decision

Algorithm 4: Co-operative Deploy

Experiments

Thank You !!