5.1 Conclusion
The main purpose of this thesis is to improve the design and concept of conventional Honeynet architectures. This works propose the VHSP and designs the VHRM for solving SM and HM of the virtual system bypassed problems. Based on our approach, the VHSP modules can choose an appropriate method in the Virtual Machine-based scheme for various design conditions. Compared with the conventional deployment as a benchmark to quantify, in this work it only needs about 33% of hardware requirements, saving 66%. Therefore, this work has contributed a better operating strategy of software and hardware resources, from the perspective of technological development and innovation. Our proposed VHSP is not only a cost-effective design but also a more flexible security research platform. Moreover, the VHSP also conforms to the latest concept of Green IT design. In the near future, the VHSP can support and include those approaches and methodology to the Taiwan Honeynet Project.
5.2 Future Works
z The VMI of the Honeynet and VMM needs to be technological integrated.
z The first security issue for Taiwan Honeynet Project is to collect malware samples.
z Distributed VHSP, (DVHSP) is a good direction for research and design in Taiwan’s Research Network (Taiwan Honeynet Project).
z In order to enhance the VHRM performance, a new mechanism called Physical Network Interface Honeypot Redirect Mechanism (PNIHRM) that is a good direction to enhance and support packet throughput performance.
z A new security research architecture is the Honeynet Central Management System (HCMS). All of Distributed VHSP components that include system resources and all processes will be Real-Time Monitoring (RTM) and Management.
References
[1] Bhatia, J.S., Sehgal, R., Bhushan, B., and Kaur, H., “A case study on host based data analysis & cyber criminal profiling in Honeynets”, in Proceedings of the IEEE COMSNETS International Communication Systems and Networks and Workshops, pp. 11-21, 2009.
[2] Chamales, G., “The Honeywall CD-ROM”, IEEE Journal of Security & Privacy, vol. 2, pp. 77-79, Mar. 2004.
[3] Honeynet Project, Know Your Enemy:Learning about Security Threats, Second Edition, Addison-Wesley Professional Publishers, May 27, 2004.
[4] Raynal, F., Berthier, Y., Biondi, P., and Kaminsky, D., “Honeypot forensics part 1: analyzing the network”, IEEE Journal of Security & Privacy, vol. 2, pp. 72-78, Aug. 2004.
[5] Spitzner, L., “The Honeynet Project: trapping the hackers”, IEEE Journal of Security & Privacy, vol. 1, pp15-23, Mar. 2003.
[6] Raynal, F., Berthier, Y., Biondi, P., and Kaminsky, D., “Honeypot forensics part 2: analyzing the compromised host”, IEEE Journal of Security & Privacy, vol. 2, pp. 77-80, Oct. 2004.
[7] Nance, K., Bishop, M., and Hay, B., “Virtual Machine Introspection: Observation or Interference”, IEEE Journal of Security & Privacy, vol. 6, pp. 32 - 37, Oct.
2008.
[8] Uhlig, R., Neiger, G., Rodgers, A.L., Martins, F.C.M., Anderson, A.V., Bennett, S.M., Kagi, A., Leung, F.H., and Smith, L. “Intel virtualization technology”, IEEE Journal of Computer, vol. 38, pp. 48-56, May. 2005.
[9] Xu, X., and Zhou, F., “Quantifying Performance Properties of Virtual Machine”, in Proceedings of the IEEE ISISE International Symposium on Information Science and Engineering, pp. 24-28, 2008.
[10] Zhang, X., and Dong, Y., “Optimizing Xen VMM Based on Intel Virtualization Technology”, in Proceedings of the IEEE ICICSE International Conference on Internet Computing in Science and Engineering, pp. 367-374, 2008.
[11] Chen, W., Lu, H., Shen, L., Wang, Z., Xiao, N., and Chen D., “ A Novel Hardware Assisted Full Virtualization Technique“, in Proceedings of the IEEE ICYCS International Conference for Young Computer Scientists, 2008, pp.
1292-1297, 2008.
[12] Barham, P., Dragovic, B., Ho, A., Neugebauer, R., Pratt, I., and Warfield, A.,“Xen and the art of virtualization”, in Proceedings of the ACM symposium on Operating systems principles, pp.164-177, 2003.
[13] Govindan, S., Choi, J.G., Nath, A.R., Das, A., Urgaonkar, B., and Sivasubramaniam, A., “Xen and Co.: Communication-Aware CPU Management in Consolidated Xen-Based Hosting Platforms”, IEEE Trans. on Computers, vol.
58, No. 8, pp. 1111- 1125, 2009.
[14] Zanoramy, W., Zakaria, A., Rohaidah, S., and Norazah A, “Deploying virtual honeypots on virtual machine monitor”, in Proceedings of the IEEE ITSim International Symposium on Information Technology, pp.1-5, 2008.
[15] Xianghua, X., and Peipei, S., “Performance Evaluation of the CPU Scheduler in XEN”, in Proceedings of the IEEE ISISE International Symposium on Information Science and Engineering, pp.68-72, 2008.
[16] Cameron, K.W., “The Road to Greener IT Pastures”, IEEE Journal of Computer, vol. 42, pp. 87-89, May. 2009.
[17] Murugesan, S., “Harnessing Green IT: Principles and Practices”, IEEE Journal of IT Professional, vol. 10, pp. 24-33, Jan. 2008.
[18] Ruth, S., “Green IT More Than a Three Percent Solution”, IEEE Journal of Internet Computing, vol. 13, pp. 74 – 78, Aug. 2009.
[19] Chang, C.-H., “A Low-Cost Green IT Design and Application of VHSP based on Virtualization Technology”, in Proceedings of the IEEE SecureCom’09 International Symposium on Secure Computing, Aug. 2009, Vancouver, Canada.
[20] Chang, C.-H., and Hsiao, T.-C., “A Low-Cost Green IT Concept Design of VHSP based on Virtualization Technology”, Accepted and to appear in 2009 IEEE SMC International Conference on Systems, Man, and Cybernetics, Oct.
2009, San Antonio, Texas, USA.
[21] Huang, N.-F., Kao, C.-H., Hun, H.-W., and Lin, C.-L., “Apply data mining to defense-in-depth network security system“, in Proceedings of the IEEE AINA International Conference on Advanced Information Networking and Applications, vol. 1, pp. 159-162, 2005.
[22] Yoshimoto, M., Bista, B.B., and Takata, T., “Development of security scanner with high portability and usability”, in Proceedings of the IEEE AINA International Conference on Advanced Information Networking and Applications, vol. 2, pp. 407-410, 2005.
[23] Koller, R., Rangaswami, R., Marrero, Smith, G., Barsilai, M., Necula, S., Sadjadi, S.M., Tao Li, and Merrill, K., “Anatomy of Real-Time Intrusion Prevention System”, in Proceedings of the IEEE ICAC International Conference on Autonomic Computing, pp. 151-160, 2008.
[24] Kenneth J.D., and Cheriton D.R., “Borrowed-Virtual-Time (BVT) scheduling”, in Proceedings of the ACM symposium on Operating systems principles, pp.
261-276, 1999.
Vita
Chih-Hung Chang is currently an Information Security Engineer at National Center for High-performance computing (NCHC), Taiwan. He is joining the Information Security Team. He obtained B.S. in Information Management from the College of Computer Science & Informatics, and obtained B.S. in Foreign Languages and Literature, at Chung Hua University. He is currently a Master degree student at College of Computer Science, National Chiao Tung University (NCTU), Taiwan. His research interests include Network Security, Virtualization, and Cloud Computing.