The document summarizes a research paper on designing a cooperative deployment system for distributed honeynets. It proposes a multi-agent system with three types of agents: honeypot, host collector, and deploy agents. The honeypot and host collector agents monitor the honeypots and the network status respectively and report to the deploy agent. The deploy agent communicates with other deploy agents to determine the optimal deployment scheme, considering factors like honeypot interaction type, position, and distribution across the network. Algorithms are presented for network and honeypot status collection, learning the optimal strategy, and cooperative deployment. Experiments showed that the proposed approach makes honeypots easier to deploy and more difficult to detect.
2. Design of Co-operative Deployment in a Distributed Honeynet System
Authors: Haifeng Wang, Wingkui Chen
Publication: 2010: 14th International Conference on Computer Supported Co-operative Work in Design
Objective:
To make honeypots easier to deploy and more difficult to detect.
BITS Pilani, Hyderabad Campus
4. Multi-Agent System (MAS)
Multiple agent systems
Agent system (Autonomous System)
The term autonomous originates from the Greek: autos, meaning self, and nomos, meaning rule or law.
Enabling systems to operate independently, without external intervention.
Intelligent Systems (systems running AI algorithms)
Communication, Monitoring, Decision-Making
Goal-based
Learn & reason towards achieving their goals
Same goal
5. Multi-Agent System (MAS)
3 types of agents (as per this paper)
Honeypot Agent (H.Ag)
Monitors a set of honeypots
Sends report to D.Ag
Executor of deployment
Host collector Agent (C.Ag)
Collects information about the network
Sends report to D.Ag
Deploy Agent (D.Ag)
Gets reports from C.Ag and H.Ag
Communicates with other D.Ag (if a best deploy scheme is available)
6. Honey-Farm System (HFS)
Contains a collection of virtual honeypots
Induce degree: the capacity of inducing attackers
Virtual honeypots can be one of the following
Low Interaction
High Interaction
Medium Interaction
7. Computer Network System
Contains a set of computer nodes
OS type: Windows (different versions), Linux
Host-alter degree
Host changing rule
IPActive
8. Challenges in deployment
Type of interaction (low, high, medium)
Honeypot position
Outside the security system
Inside the security system (DMZ)
Sub-networks behind firewall
Inside the intranet
etc.
Distribution of honeypots
Nh: no. of honeypots
Np: no. of computers
P: rate of protection