Just another ComMetrics – social media monitoring, best metrics, marketing metrics weblog

Research that matters – more insights into NOAH the European Network of Affined Honeypots research project

September 30th, 2007 · No Comments ·

Related posts:

CyTRAP Lab’s Choice – free tool – Honeynet Project’s Honeysnap

Common Malware Enumeration – CME – where is it going?

fast-flux networks – a few things we should know

It is a well known fact that effectiveness of honeypots heavily depends on the unused IP address space they cover. Unused IP address space is, of course, something every organization has to deal with.

Another challenge with using honeypots is that a known weakness is that attackers can detect the placement of certain types of sensors which makes their effectiveness questionable.

The NOAH the European Network of Affined Honeypots research effort tries to address these concerns and amongst other important features, it uses attack signatures that are being created when running a net of honeypots using Argos – the secure system emulator.

Now NOAH the European Network of Affined Honeypots research effort has produced another research paper that will be presented at the The 5th ACM Workshop on Recurring Malcode (WORM 2007) to be held in Alexandria, Virginia on November 2, 1007.

You can download a pdf version of this important paper to be presented in November at the above conference here:

Antonatos, S., & Markatos, E. P. and K. G. Anagnostakis (October 2007). Honey@home: A new approach to large scale threat monitoring. Paper to be presented at The 5th ACM Workshop on Recurring Malcode (WORM 2007)

NOAH proposes a new architecture that enables large-scale deployment at low cost, while making it harder for attackers to maintain accurate black-lists. In turn, critical information infrastructure protection can be helped by using the NOAH  approach.

The above paper discusses this in some detail and shows some of the successes that has materialized with this approach.

Check it out.


NOAH involves eight partners from the academic, research and commercial sectors and represents a total investment of EUR 2,429,374;

60% of which is funded from the Research Infrastructures Programme of the European Union (Framework Program 6 or FP6).

The project started on 1 April 2005 and runs until 31 March 2008.


To make it more convenient for you to take advantage of CyTRAP Labs’ offerings, just provide us with your e-mail address below. You can personalize your subscription to make it suit your needs.


→ No CommentsTags: affined · argos · honey · honeypots · malcode · noah · partners · recurring