It is a well-known fact that the effectiveness of honeypots depends heavily on the unused IP address space they cover. Unused IP address space is, of course, something every organization has to deal with.
Another known weakness of honeypots is that attackers can detect the placement of certain types of sensors, which makes their effectiveness questionable.
NOAH, the European Network of Affined Honeypots research effort, tries to address these concerns. Among other important features, it uses attack signatures that are created when running a network of honeypots using Argos – the secure system emulator.
Now the NOAH research effort has produced another research paper that will be presented at the 5th ACM Workshop on Recurring Malcode (WORM 2007), to be held in Alexandria, Virginia on November 2, 2007.
You can download a PDF version of this important paper, to be presented in November at the above conference, here:
NOAH proposes a new architecture that enables large-scale deployment at low cost, while making it harder for attackers to maintain accurate black-lists. In turn, critical information infrastructure protection can be helped by using the NOAH approach.
The above paper discusses this in some detail and shows some of the successes that have materialized with this approach.
Check it out.
INFORMATION ABOUT NOAH
NOAH involves eight partners from the academic, research and commercial sectors and represents a total investment of EUR 2,429,374, 60% of which is funded from the Research Infrastructures Programme of the European Union (Framework Program 6 or FP6).
The project started on 1 April 2005 and runs until 31 March 2008.