Toward understanding distributed blackhole placement

Cooke, Evan; Bailey, Michael; Mao, Z. Morley; Watson, David; Jahanian, Farnam; McPherson, Danny

doi:10.1145/1029618.1029627

Cited by 78 publications

(42 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…So there are high chances for collecting large amounts of information, as all actions can be logged and analyzed. Any error in the system may allow a hacker to control the full operating system, attack other systems, or intercept messages in the application system [14].…”

Section: E High-interaction Honeypotsmentioning

confidence: 99%

A Survey on Honeypot Technology : Concepts, Types and Working

2017

IJAERD

View full text Add to dashboard Cite

show abstract

Section: E High-interaction Honeypotsmentioning

confidence: 99%

A Survey on Honeypot Technology : Concepts, Types and Working

2017

IJAERD

View full text Add to dashboard Cite

show abstract

“…The SGNET deployment aims at monitoring small sets of IPs deployed in multiple locations of the IP space, in order to characterize the heterogeneity of the activities along the Internet as observed in [14,9]. SGNET sensors are thus low-end hosts meant to be deployed at low cost by different organizations and bound to a limited number of IPs.…”

Section: Sgnet and The Epsilon-gamma-pi-mu Modelmentioning

confidence: 99%

“…An extremely valid instrument to collect information is the honeypot technology. The deployment of honeypots in several locations of the IP space has underlined the fact that different blocks of addresses are attacked differently [14,9]. It is thus extremely important to have in-depth information about these threats in order to study the feasibility of characterizing the different observed segments of the Internet.…”

Section: Introductionmentioning

confidence: 99%

SGNET: A Worldwide Deployable Framework to Support the Analysis of Malware Threat Models

Leita

Daciér

2008

2008 Seventh European Dependable Computing Conference

View full text Add to dashboard Cite

The dependability community has expressed a growing interest in the recent years for the effects of malicious, external, operational faults in computing systems, ie. intrusions. The term intrusion tolerance has been introduced to emphasize the need to go beyond what classical fault tolerant systems were able to offer. Unfortunately, as opposed to well understood accidental faults, the domain is still lacking sound data sets and models to offer rationales in the design of intrusion tolerant solutions. In this paper, we describe a framework similar in its spirit to so called honeyfarms but built in a way that makes its large-scale deployment easily feasible. Furthermore, it offers a very rich level of interaction with the attackers without suffering from the drawbacks of expensive high interaction systems. The system is described, a prototype is presented as well as some preliminary results that highlight the feasibility as well as the usefulness of the approach.

show abstract

“…Preventive mechanisms by identification of the activities and infiltration of the botnets to stop their operations, are proposed. In [16], an overview of the origins and structure of botnets is presented. It used data from the Internet Motion Sensor project [17] and Honeypot [18] to demonstrate the dangers of botnets due to their increase in number and their ability to exploit common system vulnerabilities such as the DCOM RPC [19] and LSASS [20].…”

Section: Related Workmentioning

confidence: 99%

New Approaches for Security, Privacy and Trust in Complex Environments

Venter¹,

Eloff²,

Labuschagne³

et al. 2007

IFIP International Federation for Information Processing

View full text Add to dashboard Cite

Abstract. In recent years, we have seen the arrival of Distributed Denial-ofService (DDoS) open-source bot-based attack tools facilitating easy code enhancement, and so resulting in attack tools becoming more powerful. Developing new techniques for detecting and responding to the latest DDoS attacks often entails using attack traces to determine attack signatures and to test the techniques. However, obtaining actual attack traces is difficult, because the high-profile organizations that are typically attacked will not release monitored data as it may contain sensitive information. In this paper, we present a detailed study of the source code of the popular DDoS attack bots, Agobot, SDBot, RBot and Spybot to provide an in-depth understanding of the attacks in order to facilitate the design of more effective and efficient detection and mitigation techniques.

show abstract

Toward understanding distributed blackhole placement

Cited by 78 publications

References 11 publications

A Survey on Honeypot Technology : Concepts, Types and Working

A Survey on Honeypot Technology : Concepts, Types and Working

SGNET: A Worldwide Deployable Framework to Support the Analysis of Malware Threat Models

New Approaches for Security, Privacy and Trust in Complex Environments

Contact Info

Product

Resources

About