Distributed Honeypot log management and visualization of attacker geographical distribution

2011 Eighth International Joint Conference on Computer Science and Software Engineering (JCSSE) Pub Date : 2011-05-11 DOI:10.1109/JCSSE.2011.5930083

V. Visoottiviseth, Uttapol Jaralrungroj, Ekkachai Phoomrungraungsuk, Pongpak Kultanon

{"title":"Distributed Honeypot log management and visualization of attacker geographical distribution","authors":"V. Visoottiviseth, Uttapol Jaralrungroj, Ekkachai Phoomrungraungsuk, Pongpak Kultanon","doi":"10.1109/JCSSE.2011.5930083","DOIUrl":null,"url":null,"abstract":"Honeypot is a prominent technology that helps us learn new hacking techniques from attackers and intruders. The much information from multiple Honeypot servers, the more appropriate signatures we can generate. To ease the administrator to manage and monitor trace files from multiple Honeypot servers that are distributed in various locations at the same time, in this paper we design and implement a prototype of log management server to automatically and periodically collect log files from them. Information reported by each Honeypot server will be sent in secure manner to the log management server. The log management server then parses the information into the database server, where users can search for specific information through the web interface, such as searching based on one or two Honeypot servers. Moreover, the geographical distribution of attackers is visualized in the world map by utilizing the WHOIS database and GeoPlot software.","PeriodicalId":287775,"journal":{"name":"2011 Eighth International Joint Conference on Computer Science and Software Engineering (JCSSE)","volume":"80 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-05-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"11","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 Eighth International Joint Conference on Computer Science and Software Engineering (JCSSE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/JCSSE.2011.5930083","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 11

Abstract

Honeypot is a prominent technology that helps us learn new hacking techniques from attackers and intruders. The much information from multiple Honeypot servers, the more appropriate signatures we can generate. To ease the administrator to manage and monitor trace files from multiple Honeypot servers that are distributed in various locations at the same time, in this paper we design and implement a prototype of log management server to automatically and periodically collect log files from them. Information reported by each Honeypot server will be sent in secure manner to the log management server. The log management server then parses the information into the database server, where users can search for specific information through the web interface, such as searching based on one or two Honeypot servers. Moreover, the geographical distribution of attackers is visualized in the world map by utilizing the WHOIS database and GeoPlot software.

查看原文本刊更多论文

分布式蜜罐日志管理和攻击者地理分布可视化

蜜罐是一项杰出的技术，可以帮助我们从攻击者和入侵者那里学习新的黑客技术。来自多个蜜罐服务器的信息越多，我们可以生成的签名就越合适。为了方便管理员管理和监控同时分布在不同位置的多个蜜罐服务器的跟踪文件，本文设计并实现了一个日志管理服务器的原型，用于自动定期收集这些服务器上的日志文件。各蜜罐服务器上报的信息将被安全发送到日志管理服务器。日志管理服务器将查询到的信息解析到数据库服务器，用户可以通过web界面对数据库服务器上的特定信息进行搜索，例如通过一个或两个Honeypot服务器进行搜索。利用WHOIS数据库和GeoPlot软件，将攻击者的地理分布可视化到世界地图上。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2011 Eighth International Joint Conference on Computer Science and Software Engineering (JCSSE)

自引率

0.00%

发文量