Honeynets have become an important tool for researchers and network operators. However, the lack of a unified honeynet data model has limited their effectiveness: each sensor type produces its own unrelated data source, with its own proprietary access method and format. Moreover, deploying and managing a honeynet is a time-consuming activity, and interpreting the collected data is far from trivial.
For these reasons we have created HIVE (Honeynet Infrastructure in Virtualized Environment), a highly scalable, automated data collection and analysis architecture. It is built on top of proven FLOSS (Free/Libre and Open Source Software) components, integrated and extended with new tools we developed. HIVE uses virtualization to simplify honeypot deployment and management, and combines high-interaction and low-interaction sensors in a single infrastructure. To support rapid comprehension and detailed analysis, the system stores all collected data in a relational database, which provides centralized storage and access and enforces the integrity of the data through its schema. HIVE also includes integrated tools for actively monitoring centralized botnets.
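The following is an added example, not code from HIVE or its authors, showing the kind of unified relational model the abstract describes: captures from low- and high-interaction sensors land in one schema, samples are deduplicated by SHA-256, and referential and CHECK constraints reject inconsistent data at the database layer. The table names, columns, sensor names and sample payloads are all constructed for illustration and are not HIVE's actual schema or data.

```python
import hashlib
import sqlite3

# Constructed schema for illustration (not HIVE's own). One sample row per
# distinct binary; one capture row per time a sensor saw that binary.
SCHEMA = """
CREATE TABLE sensor (
    id   INTEGER PRIMARY KEY,
    name TEXT NOT NULL UNIQUE,
    kind TEXT NOT NULL CHECK (kind IN ('low', 'high'))   -- interaction level
);
CREATE TABLE sample (
    sha256     TEXT PRIMARY KEY CHECK (length(sha256) = 64),
    size       INTEGER NOT NULL CHECK (size >= 0),
    first_seen TEXT NOT NULL
);
CREATE TABLE capture (
    id            INTEGER PRIMARY KEY,
    sensor_id     INTEGER NOT NULL REFERENCES sensor(id),
    sample_sha256 TEXT NOT NULL REFERENCES sample(sha256),
    src_ip        TEXT NOT NULL,
    captured_at   TEXT NOT NULL,
    UNIQUE (sensor_id, sample_sha256, src_ip, captured_at)  -- no duplicate events
);
"""


def open_db():
    """In-memory database with foreign-key enforcement switched on."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")  # SQLite ignores FKs unless enabled
    conn.executescript(SCHEMA)
    return conn


def register_sensor(conn, name, kind):
    cur = conn.execute("INSERT INTO sensor (name, kind) VALUES (?, ?)", (name, kind))
    conn.commit()
    return cur.lastrowid


def ingest(conn, sensor_name, payload, src_ip, captured_at):
    """Record one captured binary. Returns (sha256, is_new_sample).

    The sample table is keyed by content hash, so the same binary collected
    by several sensors is stored once and linked from each capture row.
    """
    digest = hashlib.sha256(payload).hexdigest()
    row = conn.execute("SELECT id FROM sensor WHERE name = ?", (sensor_name,)).fetchone()
    if row is None:
        raise ValueError(f"unregistered sensor {sensor_name!r}")
    cur = conn.execute(
        "INSERT OR IGNORE INTO sample (sha256, size, first_seen) VALUES (?, ?, ?)",
        (digest, len(payload), captured_at),
    )
    is_new = cur.rowcount == 1  # 0 when the hash was already present
    conn.execute(
        "INSERT INTO capture (sensor_id, sample_sha256, src_ip, captured_at) "
        "VALUES (?, ?, ?, ?)",
        (row[0], digest, src_ip, captured_at),
    )
    conn.commit()
    return digest, is_new


def samples_seen_by_both_kinds(conn):
    """Hashes captured by at least one low- AND one high-interaction sensor."""
    rows = conn.execute(
        "SELECT c.sample_sha256 FROM capture c JOIN sensor s ON s.id = c.sensor_id "
        "GROUP BY c.sample_sha256 HAVING COUNT(DISTINCT s.kind) = 2"
    ).fetchall()
    return [r[0] for r in rows]


def integrity_checks(conn):
    """Show that the schema, not application code, rejects bad rows."""
    results = {}
    try:  # capture pointing at a sensor id that does not exist
        conn.execute(
            "INSERT INTO capture (sensor_id, sample_sha256, src_ip, captured_at) "
            "VALUES (999, ?, '192.0.2.1', 't')", ("0" * 64,))
        results["dangling_sensor_rejected"] = False
    except sqlite3.IntegrityError:
        results["dangling_sensor_rejected"] = True
    try:  # sensor kind outside the allowed set
        conn.execute("INSERT INTO sensor (name, kind) VALUES ('bad', 'medium')")
        results["bad_kind_rejected"] = False
    except sqlite3.IntegrityError:
        results["bad_kind_rejected"] = True
    conn.rollback()
    return results


def demo():
    """Constructed run: two sensors, two binaries, one seen by both."""
    conn = open_db()
    register_sensor(conn, "lowint-1", "low")
    register_sensor(conn, "highint-vm-1", "high")
    a, b = b"MZ constructed sample A", b"MZ constructed sample B"  # fake payloads
    r1 = ingest(conn, "lowint-1", a, "198.51.100.7", "2008-09-01T10:00:00Z")
    r2 = ingest(conn, "highint-vm-1", a, "198.51.100.9", "2008-09-01T11:00:00Z")
    r3 = ingest(conn, "highint-vm-1", b, "203.0.113.4", "2008-09-01T12:00:00Z")
    return {
        "new_flags": [r1[1], r2[1], r3[1]],
        "distinct_samples": conn.execute("SELECT COUNT(*) FROM sample").fetchone()[0],
        "seen_by_both": samples_seen_by_both_kinds(conn),
        "sha_a": r1[0],
        "integrity": integrity_checks(conn),
    }
```

Keying samples by content hash is what lets captures from heterogeneous sensors be correlated in one query; enabling foreign keys explicitly matters because SQLite does not enforce them by default.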
HIVE Source Code [tar.bz2 - 60kB]
Readme
License
Davide Cavalca and Emanuele Goldoni, "HIVE: an Open Infrastructure for Malware Collection and Analysis". In Proc. of the 1st Workshop on Open Source Software for Computer and Network Forensics (OSSCoNF'08), ISBN 978-88-903120-1-4, September 2008 (Preprint) (Presentation)