Seclab - Honeynet

Basically, honeypots are victim systems which keep track of attacks in a controlled way. Thus, they provide deep insight into the approach taken by the attacker and – in some cases - into the internal mechanisms of the malware captured.

• Proactive Attack Sensors complement Intrusion Detection
• Automation of Attack Analysis and Classification
• Active Sensor Development
• Malware Traps

The work group Communication Systems has more than 10 years of experience in this field. In close co-operation with the Federal Office for Information Security (BSI) these activities have been substantially intensified since 2007.

As a central component of comprehensive, real-world oriented research, the work group operates a system of different honeypots with sensors within the networks of different internet service providers. Valuable information is also collected via several sensors inside the university network as well as from the extensive integration into both the national and the international honeypot community. Some honeypot components developed by members of the work group have been deployed world-wide.

Our SecLab pages provide a realtime overview of automated analysis results for the data we collect in our honeynet. Trends like the amount of attacks, the geographic locations of attacking systems, or collected malware can help in detecting new phenomenons as worm outbreaks or novel and area-wide exploited vulnerabilities. The sensor systems and analysis methods are being constantly improved and further developed to increase the lab's early threat detection capabilities