TU Darmstadt / ULB / TUbiblio

MalCoBox: Designing a 10 Gb/s Malware Collection Honeypot using Reconfigurable Technology

Mühlbach, Sascha and Brunner, Martin and Roblee, Christopher and Koch, Andreas (2010):
MalCoBox: Designing a 10 Gb/s Malware Collection Honeypot using Reconfigurable Technology.
In: 20th International Conference on Field Programmable Logic and Applications (FPL 2010), [Conference or Workshop Item]

Abstract

Honeypots present networked computer systems with known security flaws to attackers and can serve to collect the executable code (malware) aiming to exploit the vulnerability. We describe and evaluate the proof-of-concept NetStage Architecture for a high-speed honeypot realized in reconfigurable logic. Dedicated hardware accelerators for the different network processing and detection layers allow the honeypot to operate at full speed of a 10 Gb/s connection and project the illusion of thousands of vulnerable systems at once. Furthermore, compromising the honeypot itself is significantly more difficult than in software honeypots, since all processing is handled by specialized hardware blocks instead of general purpose processors.

Item Type: Conference or Workshop Item
Erschienen: 2010
Creators: Mühlbach, Sascha and Brunner, Martin and Roblee, Christopher and Koch, Andreas
Title: MalCoBox: Designing a 10 Gb/s Malware Collection Honeypot using Reconfigurable Technology
Language: German
Abstract:

Honeypots present networked computer systems with known security flaws to attackers and can serve to collect the executable code (malware) aiming to exploit the vulnerability. We describe and evaluate the proof-of-concept NetStage Architecture for a high-speed honeypot realized in reconfigurable logic. Dedicated hardware accelerators for the different network processing and detection layers allow the honeypot to operate at full speed of a 10 Gb/s connection and project the illusion of thousands of vulnerable systems at once. Furthermore, compromising the honeypot itself is significantly more difficult than in software honeypots, since all processing is handled by specialized hardware blocks instead of general purpose processors.

Title of Book: 20th International Conference on Field Programmable Logic and Applications (FPL 2010)
Uncontrolled Keywords: Secure Things
Divisions: LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
LOEWE > LOEWE-Zentren
LOEWE
Date Deposited: 30 Dec 2016 20:23
Identification Number: TUD-CS-2010-0236
Export:
Suche nach Titel in: TUfind oder in Google
Send an inquiry Send an inquiry

Options (only for editors)
Show editorial Details Show editorial Details