Universal Honeyfarm Containment

Jay Chen, John McCullough and Alex C. Snoeren
CS2007-0902
September 4, 2007

The growing sophistication of self-propagating worms and botnets presents a significant challenge for investigators to understand. While honeyfarms have emerged as a powerful tool for capturing and analyzing rapid malware, the size and complexity of large scale, high fidelity honeyfarms make them problematic to operate in a simultaneously safe and effective manner. This paper introduces a universe abstraction that guarantees isolation between multiple malware infestations in a single honeyfarm while maximizing the realism of the honeyfarm as observed by a propagating worm. We demonstrate that each malware strain can be completely isolated without distorting malware spreading behavior, and that this can in fact increase the scalability of honeyfarms.


How to view this document


The authors of these documents have submitted their reports to this technical report series for the purpose of non-commercial dissemination of scientific work. The reports are copyrighted by the authors, and their existence in electronic format does not imply that the authors have relinquished any rights. You may copy a report for scholarly, non-commercial purposes, such as research or instruction, provided that you agree to respect the author's copyright. For information concerning the use of this document for other than research or instructional purposes, contact the authors. Other information concerning this technical report series can be obtained from the Computer Science and Engineering Department at the University of California at San Diego, techreports@cs.ucsd.edu.


[ Search ]


NCSTRL
This server operates at UCSD Computer Science and Engineering.
Send email to webmaster@cs.ucsd.edu