Towards An Invisible Honeypot Monitoring System presented at HITBSecConf Malaysia 2006

by Nguyen Anh Quynh

Tags: Security Monitoring

Summary: A honeypot is a decoy system for trapping attackers, and the data capture tool is one of the core components of the honeypot architecture. The most vital requirement of this component is that it must function as stealthily as possible, so the intruder is not aware of its presence. Currently Sebek is the most sophisticated tool for this purpose. Unfortunately, Sebek is rather easy to detect, even with unprivileged access rights. This talk discusses the drawbacks of Sebek, then proposes the architecture and implementation of a tool named Xebek. Based on Xen Virtual Machine technology, Xebek aims to address the most outstanding problems of Sebek. While Xebek provides features similar to Sebek's, our tool is far more “invisible” and harder to uncover. The experimental results also demonstrate that Xebek is more flexible, while its reliability and efficiency are significantly improved over its counterpart.

About Quynh

Nguyen Anh Quynh is a PhD student at Keio University, Japan. His research interests include computer security, networking, forensics, virtualization, robust systems and operating systems. He is one of the key contributors to Xen Virtual Machine, and he also contributes to various other open source projects. Currently he is working on security problems of virtual machines, specifically focusing on Xen.