TU Darmstadt / ULB / TUbiblio

MalCoBox: Designing a 10 Gb/s Malware Collection Honeypot using Reconfigurable Technology

Mühlbach, Sascha ; Brunner, Martin ; Roblee, Christopher ; Koch, Andreas (2010)
MalCoBox: Designing a 10 Gb/s Malware Collection Honeypot using Reconfigurable Technology.
Conference publication, Bibliography

Abstract

Honeypots present networked computer systems with known security flaws to attackers and can serve to collect the executable code (malware) aiming to exploit the vulnerability. We describe and evaluate the proof-of-concept NetStage Architecture for a high-speed honeypot realized in reconfigurable logic. Dedicated hardware accelerators for the different network processing and detection layers allow the honeypot to operate at full speed of a 10 Gb/s connection and project the illusion of thousands of vulnerable systems at once. Furthermore, compromising the honeypot itself is significantly more difficult than in software honeypots, since all processing is handled by specialized hardware blocks instead of general purpose processors.

Item type: Conference publication
Published: 2010
Author(s): Mühlbach, Sascha ; Brunner, Martin ; Roblee, Christopher ; Koch, Andreas
Type of entry: Bibliography
Title: MalCoBox: Designing a 10 Gb/s Malware Collection Honeypot using Reconfigurable Technology
Language: German
Publication year: September 2010
Book title: 20th International Conference on Field Programmable Logic and Applications (FPL 2010)
Uncontrolled keywords: Secure Things
ID number: TUD-CS-2010-0236
Department(s)/field(s): LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
LOEWE > LOEWE-Zentren
LOEWE
Date deposited: 30 Dec 2016 20:23
Last modified: 17 May 2018 13:02