| Publisher | Columbia University | ||
|---|---|---|---|
| Format | 313.6KB PDF | Date added | 13 May 2005 |
| Topics | Network Security | ||
| Downloads | 107 | ||
This paper presents Shadow Honeypots, a novel hybrid architecture that combines the best features of honeypots and anomaly detection. Traffic that is considered anomalous is processed by a 'Shadow honeypot' to determine the accuracy of the anomaly prediction. The shadow is an instance of the protected software that shares all internal state with a regular instance of the application, and is instrumented to detect potential attacks. Attacks against the shadow are caught, and any incurred state changes are discarded. The architecture allows system designers to fine-tune systems for performance, since false positives will be filtered by the shadow. Contrary to regular honeypots, the architecture can be used both for server and client applications. One demonstrated the feasibility of the approach in a proof-of-concept implementation of the Shadow Honeypot architecture for the Apache web server and the Mozilla Firefox browser.
Did you find this white paper useful?
20 out of 50 users found this white paper useful
Related white papers
MessageLabs Intelligence : 2009 security Predictions
Having analyzed the global threat landscape for almost a decade, MessageLabs Team Skeptic™ is comprised of many world-renowned malware and spam experts who have a global view of threats across...
IDC Vendor Spotlight
Organised ubiquity is a must for organisations to sucessfully "project" their users in any given landspace, at any given time, with secuirty policy. This White Paper covers issues surrounding secure...
Trend Micro Enterprise Security white paper
This white paper reviews the content security threat landscape and how it has evolved into a more dangerous and high risk environment. The paper discussed how conventional content security approaches...
Smart Protection E-Book
"Outthink the Threat: Why conventional protection is no match for new data-stealing malware & the Trend Micro Smart Protection Network is." Discover how cyber criminals are rendering traditional security solutions...
Secure Desktop On-Demand Webcast
The desktop or endpoint is one of the most vulnerable parts of your environment. Threats are everywhere. You have users who love to experiment with device settings (only to wonder...
Trend Micro Web Threats WP
Web threats pose a broad range of risks, including financial damages, identity theft, loss of confidential business information, theft of network resources, damaged brand or personal reputation, and erosion of...
The Past, Present and Future of Whitelisting
The explosion in malware and zero-day vulnerabilities over the last several years has limited the effectiveness of blacklisting technology. While still important, it must be augmented with other technologies such...
