Gokul seminar

Published in: Technology, Travel

  1. Co-operative Deployment in a Honeynet System. Gokul Kannan. S, BITS Pilani, Hyderabad Campus
  2. Design of Co-operative Deployment in a Distributed Honeynet System
     • Authors: Haifeng Wang, Wingkui Chen
     • Publication: 2010: 14th International Conference on Computer Supported Co-operative Work in Design
     • Objective: To make honeypots easier to deploy and more difficult to detect.
  3. Architecture
  4. Multi-Agent System (MAS)
     • Multiple agent systems
     • Agent system (Autonomous System)
       – The term autonomous originates from the Greek: autos meaning self and nomos meaning rule or law.
       – Enabling systems to operate independently, without external intervention.
       – Intelligent Systems (systems running AI algorithms)
       – Communication, Monitoring, Decision-Making
     • Goal-based
       – Learn & reason towards achieving their goals
       – Same goal
  5. Multi-Agent System (MAS)
     • 3 types of agents (as per this paper)
     • Honeypot Agent (H.Ag)
       – Monitors a set of honeypots
       – Sends report to D.Ag
       – Executor of deployment
     • Host collector Agent (C.Ag)
       – Collects information about the network
       – Sends report to D.Ag
     • Deploy Agent (D.Ag)
       – Gets reports from C.Ag and H.Ag
       – Communicates with other D.Ag (if a best deploy scheme is available)
  6. Honey-Farm System (HFS)
     • Contains a collection of virtual honeypots
     • Induce degree – the capacity of inducing attackers
     • Virtual honeypots can be one of the following
       – Low Interaction
       – High Interaction
       – Medium Interaction
  7. Computer Network System
     • Contains a set of computer nodes
     • OS type: Windows (different versions), Linux
     • Host-alter degree
     • Host changing rule
     • IPActive
  8. Challenges in deployment
     • Type of interaction (low, high, medium)
     • Honeypot position
       – Outside the security system
       – Inside the security system (DMZ)
       – Sub-networks behind firewall
       – Inside the intranet
       – etc.
     • Distribution of honeypots
       – Nh – no. of honeypots
       – Np – no. of computers
       – P – rate of protection
  9. Co-operative Deploy Strategy
  10. Algorithm 1: Collect status of computer network
  11. Algorithm 2: Collect status of honeyfarm
  12. Algorithm 3: Learning & Final Decision
  13. Algorithm 3: Learning & Final Decision
  14. Algorithm 4: Co-operative Deploy
  15. Experiments
  16. Experiments
  17. Thank You !!
