TU Darmstadt / ULB / TUbiblio

MalCoBox: Designing a 10 Gb/s Malware Collection Honeypot using Reconfigurable Technology

Mühlbach, Sascha ; Brunner, Martin ; Roblee, Christopher ; Koch, Andreas (2010)
MalCoBox: Designing a 10 Gb/s Malware Collection Honeypot using Reconfigurable Technology.
Conference or Workshop Item, Bibliography

Abstract

Honeypots present networked computer systems with known security flaws to attackers and can serve to collect the executable code (malware) aiming to exploit the vulnerability. We describe and evaluate the proof-of-concept NetStage Architecture for a high-speed honeypot realized in reconfigurable logic. Dedicated hardware accelerators for the different network processing and detection layers allow the honeypot to operate at full speed of a 10 Gb/s connection and project the illusion of thousands of vulnerable systems at once. Furthermore, compromising the honeypot itself is significantly more difficult than in software honeypots, since all processing is handled by specialized hardware blocks instead of general purpose processors.

Item Type: Conference or Workshop Item
Published: 2010
Creators: Mühlbach, Sascha ; Brunner, Martin ; Roblee, Christopher ; Koch, Andreas
Type of entry: Bibliography
Title: MalCoBox: Designing a 10 Gb/s Malware Collection Honeypot using Reconfigurable Technology
Language: German
Date: September 2010
Book Title: 20th International Conference on Field Programmable Logic and Applications (FPL 2010)
Uncontrolled Keywords: Secure Things
Identification Number: TUD-CS-2010-0236
Divisions: LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
LOEWE > LOEWE-Zentren
LOEWE
Date Deposited: 30 Dec 2016 20:23
Last Modified: 17 May 2018 13:02