
Proceedings Paper

Automatic analysis of attack data from distributed honeypot network
Author(s): Jakub Safarik; Miroslav Voznak; Filip Rezac; Pavol Partila; Karel Tomala

Paper Abstract

There are many ways of obtaining real data about malicious activity in a network. One of them relies on masquerading monitoring servers as production ones. These servers are called honeypots, and data about attacks on them brings us valuable information about actual attacks and the techniques used by hackers. The article describes a distributed topology of honeypots, which was developed with a strong orientation on monitoring of IP telephony traffic. IP telephony servers can be easily exposed to various types of attacks, and without protection this can lead to loss of money and other unpleasant consequences. Using a distributed topology with honeypots placed in different geographical locations and networks provides more valuable and independent results. With an automatic system for gathering information from all honeypots, it is possible to work with all information at one centralized point. Communication between the honeypots and the centralized data store uses secure SSH tunnels, and the server communicates only with authorized honeypots. The centralized server also automatically analyses data from each honeypot. The results of this analysis, along with other statistical data about malicious activity, are easily accessible through a built-in web server. All statistical and analysis reports serve as the information basis for an algorithm which classifies the different types of VoIP attacks used. The web interface then provides a tool for quick comparison and evaluation of actual attacks in all monitored networks. The article describes both the honeypot nodes in the distributed architecture, which monitor suspicious activity, and the methods and algorithms used on the server side for analysis of the gathered data.

Paper Details

Date Published: 28 May 2013
PDF: 7 pages
Proc. SPIE 8755, Mobile Multimedia/Image Processing, Security, and Applications 2013, 875512 (28 May 2013); doi: 10.1117/12.2015514
Jakub Safarik, VŠB-Technical Univ. of Ostrava (Czech Republic)
Miroslav Voznak, VŠB-Technical Univ. of Ostrava (Czech Republic)
Filip Rezac, VŠB-Technical Univ. of Ostrava (Czech Republic)
Pavol Partila, VŠB-Technical Univ. of Ostrava (Czech Republic)
Karel Tomala, VŠB-Technical Univ. of Ostrava (Czech Republic)

Published in SPIE Proceedings Vol. 8755:
Mobile Multimedia/Image Processing, Security, and Applications 2013
Sos S. Agaian; Sabah A. Jassim; Eliza Yingzi Du, Editor(s)
