HoneyLab: Large-Scale Honeypot Deployment and Resource Sharing

Date Added: Jul 2009
Format: PDF

Honeypots are valuable tools for detecting and analyzing malicious activity on the Internet. Successful and time-critical detection of such activity often depends on large-scale deployment. However, commercial organizations usually do not share honeypot data, and large, open honeypot initiatives only provide read-only alert feeds. As a result, while large and resourceful organizations can afford the high cost of this technology, smaller security firms and security researchers are fundamentally constrained. The authors propose and build a shared infrastructure for deploying and monitoring honeypots, called HoneyLab, that is similar in spirit to PlanetLab. With an overlay and distributed structure of address space and computing resources, HoneyLab increases coverage and accelerates innovation among security researchers as well as security industry experts relying on honeypot-based attack detection technology.