gokul seminar
BITS Pilani, Hyderabad Campus

Design of Co-operative Deployment in a Distributed Honeynet System
Authors: Haifeng Wang, Wingkui Chen
Publication: 2010: 14th International Conference on Computer Supported Co-operative Work in Design
Objective:
To make honeypots easier to deploy and more difficult to detect.

Multi-Agent System (MAS)
• Multiple agent systems
• Agent system (Autonomous System)
  • The term "autonomous" originates from the Greek: autos meaning self and nomos meaning rule or law.
  • Enabling systems to operate independently, without external intervention.
  • Intelligent Systems (systems running AI algorithms)
  • Communication, Monitoring, Decision-Making
• Goal-based
  • Learn & reason towards achieving their goals
  • Same goal

Multi-Agent System (MAS)
• 3 types of agents (as per this paper)
  • Honeypot Agent (H.Ag)
    – Monitors a set of honeypots
    – Sends reports to D.Ag
    – Executor of deployment
  • Host collector Agent (C.Ag)
    – Collects information about the network
    – Sends reports to D.Ag
  • Deploy Agent (D.Ag)
    – Gets reports from C.Ag and H.Ag
    – Communicates with other D.Ag (if a best deploy scheme is available)

Honey-Farm System (HFS)
• Contains a collection of virtual honeypots
• Induce degree – the capacity of inducing attackers
• Virtual honeypots can be one of the following
  • Low Interaction
  • High Interaction
  • Medium Interaction

Computer Network System
• Contains a set of computer nodes
• OS type: Windows (different versions), Linux
• Host-alter degree
  • Host changing rule
  • IPActive

Challenges in deployment
• Type of interaction (low, high, medium)
• Honeypot position
  • Outside the security system
  • Inside the security system (DMZ)
  • Sub-networks behind firewall
  • Inside the intranet
  • etc.
• Distribution of honeypots
  • Nh – no. of honeypots
  • Np – no. of computers
  • P – rate of protection