Mühlbach, Sascha ; Koch, Andreas (2010)
An FPGA-based Scalable Platform for High-Speed Malware Collection in Large IP Networks.
Konferenzveröffentlichung, Bibliographie
Kurzbeschreibung (Abstract)
With the growing diversity of malware, researchers must be able to quickly collect many representative samples for study. This is commonly achieved by harvesting the malware from honeypots: Insecure systems presenting a wide attack surface to the public Internet, aiming to attract attackers. However, software-based honeypots have both performance issues in light of 10+ Gb/s networks, as well as difficulties in preventing the compromise of the honeypot system itself. We present an architecture for a honeypot using dedicated hardware instead of a general-purpose processor. Our system is fast enough to keep up with high-speed networks and more resilient against subversion attempts than existing software solutions. It consists of a highspeed implementation of the Internet protocol stack attached to hardware-based emulations of vulnerable applications. A specialized implementation of the TCP protocol, capable of managing hundreds of thousands of simultaneous connections, allows the system to span large honeynets. The practical feasibility of the approach has been demonstrated on a real FPGA platform connected to a 10 Gb/s network interface.
| Typ des Eintrags: | Konferenzveröffentlichung |
|---|---|
| Erschienen: | 2010 |
| Autor(en): | Mühlbach, Sascha ; Koch, Andreas |
| Art des Eintrags: | Bibliographie |
| Titel: | An FPGA-based Scalable Platform for High-Speed Malware Collection in Large IP Networks |
| Sprache: | Deutsch |
| Publikationsjahr: | Dezember 2010 |
| Buchtitel: | 2010 International Conference on Field Programmable Technology (FPT 2010) |
| Kurzbeschreibung (Abstract): | With the growing diversity of malware, researchers must be able to quickly collect many representative samples for study. This is commonly achieved by harvesting the malware from honeypots: Insecure systems presenting a wide attack surface to the public Internet, aiming to attract attackers. However, software-based honeypots have both performance issues in light of 10+ Gb/s networks, as well as difficulties in preventing the compromise of the honeypot system itself. We present an architecture for a honeypot using dedicated hardware instead of a general-purpose processor. Our system is fast enough to keep up with high-speed networks and more resilient against subversion attempts than existing software solutions. It consists of a highspeed implementation of the Internet protocol stack attached to hardware-based emulations of vulnerable applications. A specialized implementation of the TCP protocol, capable of managing hundreds of thousands of simultaneous connections, allows the system to span large honeynets. The practical feasibility of the approach has been demonstrated on a real FPGA platform connected to a 10 Gb/s network interface. |
| Freie Schlagworte: | Secure Things |
| ID-Nummer: | TUD-CS-2010-0238 |
| Fachbereich(e)/-gebiet(e): | LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt LOEWE > LOEWE-Zentren LOEWE |
| Hinterlegungsdatum: | 30 Dez 2016 20:23 |
| Letzte Änderung: | 17 Mai 2018 13:02 |
| PPN: | |
| Export: | |
| Suche nach Titel in: | TUfind oder in Google |
 |
Frage zum Eintrag |
Optionen (nur für Redakteure)
 |
Redaktionelle Details anzeigen |
Drucken
Impressum