Communications and Networking. 12th International Conference, ChinaCom 2017, Xi’an, China, October 10-12, 2017, Proceedings, Part II

Research Article

A Honeyfarm Data Control Mechanism and Forensic Study

  • @INPROCEEDINGS{10.1007/978-3-319-78139-6_37,
        author={Wei Yin and Hongjian Zhou and Chunlei Yang},
        title={A Honeyfarm Data Control Mechanism and Forensic Study},
        proceedings={Communications and Networking. 12th International Conference, ChinaCom 2017, Xi’an, China, October 10-12, 2017, Proceedings, Part II},
        proceedings_a={CHINACOM},
        year={2018},
        month={4},
        keywords={Honeyfarm, Data control, Forensic analysis},
        doi={10.1007/978-3-319-78139-6_37}
    }
    
  • Wei Yin
    Hongjian Zhou
    Chunlei Yang
    Year: 2018
    A Honeyfarm Data Control Mechanism and Forensic Study
    CHINACOM
    Springer
    DOI: 10.1007/978-3-319-78139-6_37
Wei Yin1,*, Hongjian Zhou1, Chunlei Yang1
  • 1: North China Institute of Computing Technology
*Contact email: yinweihappy168@yahoo.com

Abstract

A honeyfarm is a model for deploying honeypots for global network attack monitoring, correlation and forensic analysis. Data control is a fundamental problem in the honeyfarm: it must protect the Internet from being attacked by compromised honeypots in the honeyfarm, while providing a controlled environment for worm behaviour study. However, this problem is not well addressed in the limited number of existing implementations. This paper presents a honeyfarm system and focuses on the design of a data control mechanism based on Intrusion detection and Data redirection (DOID). Comprehensive experiments including attack event tracing, worm behaviour study and forensic analysis show that DOID is a good tool for attack monitoring and forensic analysis.