Title :
Improving Honeynet Data Analysis
Author_Institution :
Indiana Univ, Indianapolis
Abstract :
The honeywall's hflow and walleye interface, first introduced in [1], vastly improved honeynet data analysis by integrating different data sources and thus reducing the time required for analyzing honeynet data. However, there are some open architectural questions. This paper answers some of these questions by introducing a packet processing language that allows a modular architecture. This architecture not only solves the immediate problems but is also applicable to a wide range of problems. We present data regarding the problems of the old architecture and present our solution. We also present some of the performance envelopes of both architectures.
Keywords :
data analysis; security of data; user interfaces; hflow; honey net data analysis; modular architecture; open architectural questions; packet processing language; performance envelopes; walleye interface; Collaborative work; Conferences; Data analysis; Delay effects; Independent component analysis; Information analysis; Performance analysis; Production; Usability;
Conference_Title :
Information Assurance and Security Workshop, 2007. IAW '07. IEEE SMC
Conference_Location :
West Point, NY
Print_ISBN :
1-4244-1304-4
Electronic_ISBN :
1-4244-1304-4
DOI :
10.1109/IAW.2007.381920