TUM Logo

MalCoBox: Designing a 10 Gb/s Malware Collection Honeypot Using Reconfigurable Technology

Honeypots present networked computer systemswith known security flaws to attackers and can serve tocollect the executable code (malware) aiming to exploit thevulnerability. We describe and evaluate the proof-of-conceptNetStage Architecture for a high-speed honeypot realized inreconfigurable logic. Dedicated hardware accelerators for thedifferent network processing and detection layers allow thehoneypot to operate at full speed of a 10 Gb/s connection andproject the illusion of thousands of vulnerable systems at once.Furthermore, compromising the honeypot itself is significantlymore difficult than in software honeypots, since all processingis handled by specialized hardware blocks instead of generalpurpose processors.

MalCoBox: Designing a 10 Gb/s Malware Collection Honeypot Using Reconfigurable Technology

Field Programmable Logic and Applications (FPL), 2010 International Conference on

Authors: Sascha Muehlbach, Martin Brunner, Christopher Roblee, and Andreas Koch
Year/month: 2010/8
Booktitle: Field Programmable Logic and Applications (FPL), 2010 International Conference on
Pages: 592 -595
Address: Milan, Italy
Publisher: IEEE Computer Society
Fulltext: click here

Abstract

Honeypots present networked computer systemswith known security flaws to attackers and can serve tocollect the executable code (malware) aiming to exploit thevulnerability. We describe and evaluate the proof-of-conceptNetStage Architecture for a high-speed honeypot realized inreconfigurable logic. Dedicated hardware accelerators for thedifferent network processing and detection layers allow thehoneypot to operate at full speed of a 10 Gb/s connection andproject the illusion of thousands of vulnerable systems at once.Furthermore, compromising the honeypot itself is significantlymore difficult than in software honeypots, since all processingis handled by specialized hardware blocks instead of generalpurpose processors.

Bibtex:

@inproceedings { Muehlbach2010,
author = { Sascha Muehlbach and Martin Brunner and Christopher Roblee and Andreas Koch},
title = { MalCoBox: Designing a 10 Gb/s Malware Collection Honeypot Using Reconfigurable Technology },
year = { 2010 },
month = { August },
booktitle = { Field Programmable Logic and Applications (FPL), 2010 International Conference on },
address = { Milan, Italy },
pages = { 592 -595 },
publisher = { IEEE Computer Society },
url = { http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5694317&isnumber=5694025 },

}