Benefits

  • Detects and deceives even the most sophisticated attacks by using a real-world system and network as a High Interaction Honeypot (HIH).

  • No false positive alarms, since no legitimate user should ever access the honeypots.

  • No installation and low maintenance.

  • Real-world decoys, deceptions and deflections.

  • Outsource-managed honeypot and honeynet.

  • New or zero-day exploit detection and mining.

  • Low risk, as the honeypot/honeynet is not physically within the client's network.

  • Significantly reduced network bandwidth for transferring security incident data for forensic investigations.

  • Provides comprehensive and reliable evidence for potential lawsuits and related litigation.

  • Provides a unified big data platform for sharing attack information with other security researchers and security experts for collaborative data analytics.
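The "no false positive alarms" benefit above rests on a single property: a decoy has no legitimate users, so any contact with it is signal. The Python below, added here as an illustration and not code from the service described on this page, turns that property into a detection rule run over a constructed connection log. The log format, the decoy addresses, their interaction levels and the operator allowlist are all assumptions. The allowlist is the one practical exception a practitioner has to handle: the operator's own health checks and scanners do reach the decoys and must be excluded up front, otherwise they become exactly the false positives the principle rules out.

```python
"""Added example: "any touch of a decoy is an alert" as detection logic.

Assumptions (not from the original page): a space-separated connection log
of the form '<timestamp> <src_ip> <dst_ip> <dst_port> <proto>', a set of
decoy (honeypot) addresses, and an allowlist of operator networks whose
traffic to the decoys is expected. All values below are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed decoy inventory: honeypot address -> interaction level.
DECOYS = {
    "10.9.0.10": "HIH",  # real OS and services
    "10.9.0.20": "MIH",  # emulated services, limited interaction
    "10.9.0.30": "LIH",  # banner-only listeners
}

# Constructed allowlist: the operator's own monitoring / scanner sources.
OPERATOR_SOURCES = [ip_network("10.9.255.0/24")]

# Constructed sample log. Line 3 is operator traffic, line 4 never touches
# a decoy, and the last line is malformed; none of those may alert.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 203.0.113.45 10.9.0.10 22 tcp
2024-05-01T10:00:02Z 203.0.113.45 10.9.0.10 445 tcp
2024-05-01T10:00:03Z 10.9.255.7 10.9.0.20 80 tcp
2024-05-01T10:00:04Z 198.51.100.8 10.1.0.5 443 tcp
2024-05-01T10:00:05Z 198.51.100.8 10.9.0.30 23 tcp
malformed line that should be skipped
"""


@dataclass(frozen=True)
class Alert:
    ts: str
    src: str
    decoy: str
    level: str
    port: int


def parse_line(line):
    """Return (ts, src, dst, port, proto), or None if the line does not parse."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, src, dst, port, proto = parts
    try:
        ip_address(src)
        ip_address(dst)
        port = int(port)
    except ValueError:
        return None
    return ts, src, dst, port, proto


def is_operator(src):
    """True when the source belongs to an allowlisted operator network."""
    return any(ip_address(src) in net for net in OPERATOR_SOURCES)


def detect(log_text):
    """Every connection to a decoy from a non-operator source is an alert."""
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, src, dst, port, _proto = rec
        if dst in DECOYS and not is_operator(src):
            alerts.append(Alert(ts, src, dst, DECOYS[dst], port))
    return alerts


def summarize(alerts):
    """Group alerts by source so one attacker's probing reads as one incident."""
    by_src = defaultdict(list)
    for a in alerts:
        by_src[a.src].append(a)
    return {src: sorted({(a.decoy, a.port) for a in v}) for src, v in by_src.items()}


if __name__ == "__main__":
    for src, touched in summarize(detect(SAMPLE_LOG)).items():
        print(f"{src} touched decoys: {touched}")
```

Because the rule fires on any non-allowlisted connection rather than on a signature, it needs no tuning against benign behaviour; the only maintenance point is keeping the operator allowlist accurate, and the grouping by source is what keeps one scan from producing dozens of separate tickets.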

Background Problems

  • Almost all important and critical computing resources are connected to the local network and/or the global Internet.

  • Remote attackers, from anywhere, need to find only a single weakness or vulnerability to launch a successful attack.

  • Conventional malicious software (malware) is crude, and its attackers are not well organized.

  • Advanced Persistent Threats (APTs) have emerged as a new class of sophisticated network-based attacks launched by determined and persistent attackers.

  • Well-known APT incidents include the attack on Sony and the sabotage of Iran's nuclear facility.

  • Well-known APT malware includes Stuxnet, Duqu and Flame, which use many new or zero-day vulnerability exploits to remain stealthy for years.

Innovations

  • Offers managed honeypot/honeynet as a service.

  • Scales to many users, clients, honeypots and honeynets.

  • Supports easy setup and maintenance of High Interaction Honeypots (HIH), Medium Interaction Honeypots (MIH) and Low Interaction Honeypots (LIH).

  • Provides innovative Virtual Crime Scene Investigation for comprehensive attack information gathering.

  • Provides automated malware detection for new types of vulnerabilities or zero-day exploits with an innovative cloud-based dynamic malware analyzer (SCARECROW).

Architecture

Infrastructure

Deployment

Results