Fraunhofer-Gesellschaft

Publica

Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

The Fraunhofer SIT malware analysis laboratory - establishing a secured, honeynet-based cyber threat analysis and research environment

 
: Brunner, M.; Epah, M.; Hofinger, H.; Roblee, C.; Schoo, P.; Todt, S.

:
Fulltext urn:nbn:de:0011-n-1414101 (304 KByte PDF)
MD5 Fingerprint: 3d30696f0f902ef711e199df17d069a3
Created on: 30.9.2010


Darmstadt: Fraunhofer SIT, 2010, 27 pp.
English
Report, Electronic Publication
Fraunhofer SIT ()
malware; honeypot; honeynets; internet early warning

Abstract
This report presents the design of a malware collection and analysis environment for operation in an enterprise context, to facilitate empirical improvements to malware detection and Internet early warning research. In addition to reviewing the overall system design, we describe the operational security measures employed to ensure the secure and isolated handling of malware and other malicious content. The environment uses honeypot, honeynet, and virtualisation technologies to collect and discreetly analyse the behaviour of malware samples circulating on the Internet. To avoid potential liability and damage to the enterprise, our design must minimise the inherent risks of cross-infection to local IT systems and third parties imposed by the collection and handling of malware. Our malware collection and analysis pipeline is based on a novel combination of existing open-source technologies that together offer a highly flexible experimental platform, while fulfilling our operational security obligations. Through careful technical and administrative measures, we are able to sufficiently minimise, if not undermine, the risk of undesired impact to both enterprise and third party systems. Experiences with our environment as a research tool will be presented in a future paper.

: http://publica.fraunhofer.de/documents/N-141410.html