Where honeynet and spark intersect

Put grandly, this is "malicious behaviour analysis based on data mining": the data mining side uses splunk, and the malicious behaviour analysis side uses honeynet/honeywall.

spark and splunk? spark is responsible for storing the large volume of data, and splunk is responsible for the algorithms (FIXME)

This is a good example of putting a honeynet to use. The key point is their deployment strategy:

Deploy the honeynet at large scale, then use security tools to replicate the captures and obtain threat information ()


Use the statistical tool splunk to analyse the logs obtained


Use a security management centre to analyse and control the deployment of the whole system and the malware analysis (development of this part is hosted on sf.net)


DEPLOYMENTS

1 Large-scale honeynet deployments
1.1 Get funding from the National Science Council and the Ministry of Education to establish a large-scale honeynet in the Taiwan Academic Network (TANet)
1.2 Build many virtual honeynets in TANet and deploy more than 6000 IP addresses
1.3 Use Honeywall, Dionaea, Kippo, Capture-HPC, Cuckoo and other security tools
1.4 Use Splunk to analyse the honeynet logs
1.5 Information integration system design and development (Security Dashboard)
2 Design a malware analysis platform named TWMAN (TaiWan Malware Analysis Net, twman.nchc.org.tw) and release it on Sourceforge (twman.sourceforge.net)
3 Cloud-based vulnerability scanners and network forensics for collecting evidence
4 Visualization framework for security analysis

References

http://www.honeynet.org/node/1145
