The Leurre.com Project: Collecting internet threats information using a worldwide distributed honeynet

C. Leita, V. H. Pham, O. Thonnard, E. Ramirez-Silva, F. Pouget, E. Kirda, M. Dacier

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

24 Citations (Scopus)

Abstract

This paper aims at presenting in some depth the Leurre.com project and its data collection infrastructure. Launched in 2003 by the Institut Eurecom, this project is based on a worldwide distributed system of honeypots running in more than 30 different countries. The main objective of the project is to get a more realistic picture of certain classes of threats happening on the Internet, by collecting unbiased quantitative data in a long-term perspective. In the first phase of the project, the data collection infrastructure relied solely on low-interaction sensors based on Honeyd [24] to collect unsolicited traffic on the Internet. Recently, a second phase of the project was started with the deployment of medium-interaction honeypots based on the ScriptGen [15] technology, in order to enrich the network conversations with the attackers. All network traces captured on the platforms are automatically uploaded into a centralized database accessible by the partners via a convenient interface. The collected traffic is also enriched with a set of contextual information (e.g. geographical localization and reverse DNS lookups). This paper presents this complex data collection infrastructure, and offers some insight into the structure of the central data repository. The data access interface has been developed to facilitate the analysis of today's Internet threats, for example by means of data mining tools. Some concrete examples are presented to illustrate the richness and the power of this data access interface. By doing so, we hope to encourage other researchers to share with us their knowledge and data sets, to complement or enhance our ongoing analysis efforts, with the ultimate goal of better understanding Internet threats.

Original language: English
Title of host publication: Proceedings - WOMBAT Workshop on Information Security Threats Data Collection and Sharing, WISTDCS 2008
Pages: 40-57
Number of pages: 18
Publication status: Published - 6 Nov 2008
Event: WOMBAT Workshop on Information Security Threats Data Collection and Sharing, WISTDCS 2008 - Amsterdam, Netherlands
Duration: 21 Apr 2008 to 22 Apr 2008

Publication series

Name: Proceedings - WOMBAT Workshop on Information Security Threats Data Collection and Sharing, WISTDCS 2008

Conference

Conference: WOMBAT Workshop on Information Security Threats Data Collection and Sharing, WISTDCS 2008
Country: Netherlands
City: Amsterdam
Period: 21/4/08 to 22/4/08

ASJC Scopus subject areas

  • Computer Science Applications
  • Information Systems

Cite this

Leita, C., Pham, V. H., Thonnard, O., Ramirez-Silva, E., Pouget, F., Kirda, E., & Dacier, M. (2008). The Leurre.com Project: Collecting internet threats information using a worldwide distributed honeynet. In Proceedings - WOMBAT Workshop on Information Security Threats Data Collection and Sharing, WISTDCS 2008 (pp. 40-57). [4627314] (Proceedings - WOMBAT Workshop on Information Security Threats Data Collection and Sharing, WISTDCS 2008). https://doi.org/10.1109/WISTDCS.2008.8