DocumentCode
1706366
Title
Towards a third generation data capture architecture for honeynets
Author
Balas, Edward ; Viecco, Camilo
Author_Institution
Adv. Network Manage. Lab, Indiana Univ., Bloomington, IN, USA
fYear
2005
Firstpage
21
Lastpage
28
Abstract
Honeynets have become an important tool for researchers and network operators. However, their effectiveness has been impeded by a lack of a standard unified honeynet data model which results from having multiple unrelated data sources, each with its own access method and format. In this paper we propose a new data collection architecture that addresses the need for both rapid comprehension and detailed analysis by providing two data access methods: a relational model based fast path, and a canonical slow path. We also present a set of tools based on this architecture.
Keywords
computer networks; data models; knowledge acquisition; security of data; canonical slow path; computer network; data access method; data capture architecture; data collection architecture; data format; data sources; fast path; honeynet data model; honeynets; honeypots; relational model; Conferences; Cryptography; Data models; Data security; Impedance; Intrusion detection; Linux; Monitoring; Operating systems; Telecommunication traffic;
fLanguage
English
Publisher
ieee
Conference_Titel
Information Assurance Workshop, 2005. IAW '05. Proceedings from the Sixth Annual IEEE SMC
Print_ISBN
0-7803-9290-6
Type
conf
DOI
10.1109/IAW.2005.1495929
Filename
1495929