ShadowNet: An Active Defense Infrastructure for Insider Cyber Attack Prevention
- ORNL
The ShadowNet infrastructure for insider cyber attack prevention is comprised of a tiered server system that is able to dynamically redirect dangerous/suspicious network traffic away from production servers that provide web, ftp, database and other vital services to cloned virtual machines in a quarantined environment. This is done transparently from the point of view of both the attacker and normal users. Existing connections, such as SSH sessions, are not interrupted. Any malicious activity performed by the attacker on a quarantined server is not reflected on the production server. The attacker is provided services from the quarantined server, which creates the impression that the attacks performed are successful. The activities of the attacker on the quarantined system are able to be recorded much like a honeypot system for forensic analysis.
- Research Organization:
- Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States)
- Sponsoring Organization:
- Work for Others (WFO)
- DOE Contract Number:
- DE-AC05-00OR22725
- OSTI ID:
- 1048708
- Resource Relation:
- Conference: The 12th International Conference on Computational Science and Its Applications (ICCSA 2012), Salvador, Brazil, 20120618, 20120621
- Country of Publication:
- United States
- Language:
- English
Similar Records
Cyber Attack Sequences Generation for Electric Power Grid
Detecting and Blocking Network Attacks at Ultra High Speeds