Collapsar: A VM-Based Honeyfarm and Reverse Honeyfarm Architecture for Network Attack Capture and Detention
The honeypot has emerged as an effective tool to provide insights into new attacks and exploitation trends. However, a single honeypot or multiple independently operated honeypots only provide limited local views of network attacks. Coordinated deployment of honeypots in different network domains not only provides broader views, but also creates opportunities of early network anomaly detection, attack correlation, and global network status inference. Unfortunately, coordinated honeypot operations require close collaboration and uniform security expertise across participating network domains. The conflict between decentralized presence and uniform management poses a major challenge in honeypot deployment and operation.