The Leurre.com Project: Collecting internet threats information using a worldwide distributed honeynet

C. Leita, V. H. Pham, O. Thonnard, E. Ramirez-Silva, F. Pouget, E. Kirda, M. Dacier

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

29 Scopus citations

Abstract

This paper aims at presenting in some depth the Leurre.com project and its data collection infrastructure. Launched in 2003 by the Institut Eurecom, this project is based on a worldwide distributed system of honeypots running in more than 30 different countries. The main objective of the project is to get a more realistic picture of certain classes of threats happening on the Internet, by collecting unbiased quantitative data in a long-term perspective. In the first phase of the project, the data collection infrastructure relied solely on low-interaction sensors based on Honeyd [24] to collect unsolicited traffic on the Internet. Recently, a second phase of the project was started with the deployment of medium-interaction honeypots based on the ScriptGen [15] technology, in order to enrich the network conversations with the attackers. All network traces captured on the platforms are automatically uploaded into a centralized database accessible by the partners via a convenient interface. The collected traffic is also enriched with a set of contextual information (e.g. geographical localization and reverse DNS lookups). This paper presents this complex data collection infrastructure, and offers some insight into the structure of the central data repository. The data access interface has been developed to facilitate the analysis of today's Internet threats, for example by means of data mining tools. Some concrete examples are presented to illustrate the richness and the power of this data access interface. By doing so, we hope to encourage other researchers to share with us their knowledge and data sets, to complement or enhance our ongoing analysis efforts, with the ultimate goal of better understanding Internet threats. © 2008 IEEE.
Original language: English (US)
Title of host publication: Proceedings - WOMBAT Workshop on Information Security Threats Data Collection and Sharing, WISTDCS 2008
Pages: 40-57
Number of pages: 18
State: Published - Nov 6 2008
Externally published: Yes
