HIVE: An Open Infrastructure for Malware Collection and Analysis
Source: University of Pavia
Honeynets have become an important tool for researchers and network operators. However, the lack of a unified honeynet data model has limited their effectiveness, leaving multiple unrelated data sources, each with its own proprietary access method and format. Moreover, deploying and managing a honeynet is time-consuming, and interpreting the collected data is far from trivial. This paper proposes HIVE (Honeynet Infrastructure in Virtualized Environment), a new, highly scalable, automated data collection and analysis architecture built on top of proven FLOSS (Free, Libre and Open Source) solutions, integrated and extended with new tools developed by the author. HIVE uses virtualization to ease honeypot management and deployment, combining high-interaction and low-interaction sensors in a common infrastructure.