No announcement yet.

(Nguyen Anh Quynh) Towards an Invisible Honeypot Monitoring System

This topic is closed.
  • Filter
  • Time
  • Show
Clear All
new posts

  • (Nguyen Anh Quynh) Towards an Invisible Honeypot Monitoring System

    I've been informed this presentation will not be happening (closed)

    Towards an Invisible Honeypot Monitoring System
    Nguyen Anh Quynh, PhD student of Keio University, Japan

    The Honeypot is a decoy system to trap attackers, and data capture tool is one of the core components of the honeypot architecture. The most vital requirement of this component is that it must function as stealthily as possible, so the intruder is not aware of its presence. Currently Sebek is the most sophisticated tool for this purpose. Unfortunately Sebek is rather easy to detect, even with unprivileged right access. This talk discusses the drawbacks of Sebek, then proposes an architecture and implementation of a tool named Xebek. Based on Xen Virtual Machine technology, Xebek aims to address the most outstanding problems of Sebek. While Xebek provides the similar features as Sebek does, our tool is far more "invisible" and harder to uncover. The experimental results also demonstrate that Xebek is more flexible, while the reliability and efficiency are improved over its counterpart.

    Nguyen Anh Quynh is a PhD student of Keio university, Japan. His research interests include computer security, networking, forensic, virtualization, robust system and Operating System. He is one of the key contributors of Xen Virtual Machine, and he also contributes to various other open source projects. Currently he is working on security problems of virtual machines, specifically focus on Xen.

    Despite his academia background, Quynh is very interested in the industrial conferences, where he can meet and exchange ideas with other people in the hacking community. He strongly believe that the key to a successful presentation is to balance academic and practical problems.