ShadowNet: An Active Defense Infrastructure for Insider Cyber Attack Prevention
Conference · OSTI ID: 1048708 · ORNL
The ShadowNet infrastructure for insider cyber attack prevention comprises a tiered server system that dynamically redirects dangerous or suspicious network traffic away from production servers, which provide web, FTP, database and other vital services, to cloned virtual machines in a quarantined environment. The redirection is transparent to both the attacker and normal users. Existing connections, such as SSH sessions, are not interrupted. Any malicious activity the attacker performs on a quarantined server is not reflected on the production server. The attacker is served by the quarantined server, which creates the impression that the attacks are succeeding. The attacker's activities on the quarantined system can be recorded, much as on a honeypot system, for forensic analysis.
- Research Organization: Oak Ridge National Laboratory (ORNL)
- Sponsoring Organization: ORNL work for others
- DOE Contract Number: AC05-00OR22725
- OSTI ID: 1048708
- Country of Publication: United States
- Language: English