The document summarizes a research paper on designing a cooperative deployment system for distributed honeynets. It proposes a multi-agent system with three types of agents: honeypot, host collector, and deploy agents. The honeypot and host collector agents monitor honeypots and network status respectively and report to the deploy agent. The deploy agent communicates with other deploy agents to determine the optimal deployment scheme, considering factors like honeypot interaction type, position, and distribution across the network. Algorithms are presented for network and honeypot status collection, learning the optimal strategy, and cooperative deployment. Experiments showed that the proposed approach makes honeypots easier to deploy and more difficult to detect.
2. Design of Co-operative Deployment in a Distributed Honeynet System
Authors: Haifeng Wang, Wingkui Chen
Publication: 2010: 14th International Conference on Computer Supported Co-operative Work in Design
Objective:
To make honeypots easier to deploy & make it more difficult to detect.
BITS Pilani, Hyderabad Campus
4. Multi-Agent System (MAS)
• Multiple agent systems
• Agent system (Autonomous System)
  • Term autonomous originates from the Greek term: autos meaning self and nomos meaning rule or law.
  • Enabling systems to operate independently, without external intervention.
  • Intelligent Systems (systems running AI algorithms)
  • Communication, Monitoring, Decision-Making
• Goal-based
  • Learn & reason towards achieving their goals
  • Same goal
5. Multi-Agent System (MAS)
• 3 types of agents (as per this paper)
  • Honeypot Agent (H.Ag)
    – Monitors a set of honeypots
    – Sends report to D.Ag
    – Executor of deployment
  • Host collector Agent (C.Ag)
    – Collects information about network
    – Sends report to D.Ag
  • Deploy Agent (D.Ag)
    – Gets reports from C.Ag and H.Ag
    – Communicates with other D.Ag (if a best deploy scheme is available)
6. Honey-Farm System (HFS)
• Contains a collection of virtual honeypots
• Induce degree – the capacity of inducing attackers
• Virtual honeypots can be one of the following
  • Low Interaction
  • High Interaction
  • Medium Interaction
7. Computer Network System
• Contains a set of computer nodes
• OS type: Windows (different versions), Linux
• Host-alter degree
  • Host changing rule
• IPActive
8. Challenges in deployment
• Type of interaction (low, high, medium)
• Honeypot position
  • Outside the security system
  • Inside the security system (DMZ)
  • Sub-networks behind firewall
  • Inside the intranet
  • etc.
• Distribution of honeypots
  • Nh – no. of honeypots
  • Np – no. of computers
  • P – rate of protection