HoneyCloud: elastic honeypots - On-attack provisioning of high-interaction honeypots

Abstract: This paper presents HoneyCloud: a large-scale high-interaction honeypot architecture based on a cloud infrastructure. The paper shows how to set up and deploy on-demand virtualized honeypot hosts on a private cloud. Each attacker is elastically assigned to a new virtual honeypot instance. HoneyCloud offers high scalability. With a small number of public IP addresses, HoneyCloud can multiplex thousands of attackers. The attacker can perform malicious activities on the honeypot and launch new attacks from the compromised host. The HoneyCloud architecture is designed to collect operating system logs about attacks, from various IDS, tools and sensors. Each virtual honeypot instance includes network and especially system sensors that gather more useful information than traditional network-oriented honeypots. The paper shows how the activities of attackers are collected into the cloud storage mechanism for further forensics. HoneyCloud also addresses efficient storage of attackers' sessions, long-term session management, isolation between attackers and fidelity of hosts.
Document type:
Conference paper
SECRYPT 2012, Jul 2012, Rome, Italy. pp.434-439, 2012
https://hal.archives-ouvertes.fr/hal-00721415
Contributor: Jean-François Lalande
Submitted on: Friday, 27 July 2012 - 13:55:11
Last modified on: Friday, 20 April 2018 - 15:44:26

Identifiers

  • HAL Id: hal-00721415, version 1

Citation

Patrice Clemente, Jean-François Lalande, Jonathan Rouzaud-Cornabas. HoneyCloud: elastic honeypots - On-attack provisioning of high-interaction honeypots. SECRYPT 2012, Jul 2012, Rome, Italy. pp.434-439, 2012. 〈hal-00721415〉
