This paper presents Shadow Honeypots, a novel hybrid architecture that combines the best features of honeypots and anomaly detection. Traffic that is considered anomalous is processed by a "shadow honeypot" to determine the accuracy of the anomaly prediction. The shadow is an instance of the protected software that shares all internal state with a regular instance of the application, and is instrumented to detect potential attacks. Attacks against the shadow are caught, and any incurred state changes are discarded. The architecture allows system designers to fine-tune systems for performance, since false positives will be filtered by the shadow. Unlike regular honeypots, the architecture can be used for both server and client applications. The authors demonstrate the feasibility of the approach in a proof-of-concept implementation of the Shadow Honeypot architecture for the Apache web server and the Mozilla Firefox browser.


