Thursday, December 27, 2012

2013 Honeynet Project Workshop


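The 2013 Honeynet Project Workshop will be held in Dubai. The public sessions on February 10-12 will include conference briefings and training courses, and interested security researchers are welcome to attend.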



The 2013 Honeynet Project Security Workshop brings together experts in the field of information security from around the world to share the latest advances and threats in information security research.

Organized by The Honeynet Project, this three-day workshop features a rare, outstanding line-up of international security professionals who will present on the latest research tools and findings in the field. This year's workshop will be held at the wonderful 5-star luxury hotel The Address Dubai Mall in Dubai, UAE, on 10-12 February 2013. The workshop includes one day of briefings and two days of hands-on tutorial trainings.

Presentation topics cover the latest honeynet/honeypot technology, Android security and social network security from The Honeynet Project and Facebook. This year, we also offer several security training courses. If you're looking to attend a high-quality and challenging workshop and to learn practical security skills, then we encourage you to take advantage of this rare opportunity.


Conference website: http://dubai2013.honeynet.org/
Registration: http://dubai2013.honeynet.org/register.html

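Thursday, December 6, 2012

Website Relaunch

To align our data links with global honeypot technology resources and The Honeynet Project's official website, the site's administration and data are currently being migrated. The Taiwan Chapter website is therefore expected to come back online after January 1, 2013. Stay tuned!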

Wednesday, October 31, 2012

Taiwan Chapter Status Report for 2012

ORGANIZATION
The Honeynet Project Taiwan Chapter was founded in November 2008. Now we are an independent non-profit organization in Taiwan.
By cooperating with research institutes and regional network centers, hundreds of honeypots have been deployed across the Taiwan Academic Network (TANet) and the Taiwan Advanced Research and Education Network (TWAREN) to collect malware samples and detect network attack traffic.

GOALS
The mission of The Honeynet Project Taiwan Chapter is to fight against malware and raise public awareness of current network threats.

Chapter Members:
Yi-Lang Tsai, Chapter Leader
Yu-Chin Cheng, Board of Directors, Full Member
Po Huang, Contributor
Bo-Yil Lee, Contributor
Jack Hsu, Contributor
Jerry Huang, Contributor

Alumni:
Eugene Yeh
Dan Chang
Pei-Hsuan Huang

This year we expect to add more members and contributors in Taiwan. They come from various universities and organizations, or are information security researchers.

The activities of the chapter include the following:
1. Malware behavior analysis and categorization
2. Network attack detection and analysis
3. Information security incident response
4. Membership in the Taiwan Academic Information Sharing and Analysis Center
5. Big data indexing and information mining technology
6. Digital forensics for system and network analysis
7. Botnet detection and behavior analysis

DEPLOYMENTS
1 Large-scale honeynet deployments
1.1 Received funding from the National Science Council and the Ministry of Education to establish a large-scale honeynet in the Taiwan Academic Network (TANet)
1.2 Built many virtual honeynets in TANet, deployed across more than 6000 IP addresses
1.3 Using Honeywall, Dionaea, Kippo, Capture-HPC, Cuckoo and other security tools
1.4 Using Splunk to analyze honeynet logs
1.5 Information integration system design and development (Security Dashboard)
2 Designed a malware analysis platform named TWMAN (TaiWan Malware Analysis Net), released on SourceForge (twman.sourceforge.net) and OpenFoundry (twman.openfoundry.org)
3 Cloud-based vulnerability scanners and network forensics evidence collection
4 Visualization framework for security analysis

RESEARCH AND DEVELOPMENT
Research
Our research focuses on honeynet deployment, malware collection, malware behavior analysis, botnet tracking, malware testbeds and distributed data mining. The honeynet has collected a large volume of data on automated attacks from malware, which is important for botnet research in Taiwan. We are working to analyze malware samples and to develop ontology research.

Development
1. Taiwan Malware Analysis Net
The Taiwan Malware Analysis Net (TWMAN) project began in 2010. The first phase of the TWMAN project is to develop a platform for malware analysis. Unlike other dynamic analysis techniques, which use virtual machines, TWMAN builds its experimental environment on a physical operating system in order to counter malware that uses anti-VM techniques. Rather than only developing a malware analysis tool, the TWMAN project is going to extend itself from a malware analyzer to a complete malware analysis net with three components: malware collection, behavior analysis and knowledge management. With this new form of TWMAN, various sorts of malware information can be integrated into one single system. It will provide valuable data and materials for security researchers and IT specialists to defeat malware threats and contribute to advanced research.

2. Data mining technology development
Based on the large volume of data collected from our distributed honeynet, we are using Splunk to develop search rules and reports. Our programmers and contributors have written several parsers to analyze honeynet logs.

3. Visualization security data
We are testing the DAVIX toolkit, the Google Earth API and Gephi for data visualization. Because the honeynet has produced 50GB of event logs, we need visualization for security data. This work is based on our security dashboard, which is used to monitor security threats in our security operation center.

FINDINGS
Threat List
Monitoring suspicious network traffic is a main task of the Taiwan Chapter. 5240 different IP addresses of suspected network attackers were identified from January 2012 to September 2012, as of the submission of this report. The threat list has been shared with the authority of the Taiwan Academic Network (TANet) and other regional network centers in order to reduce the risk and threat from external attackers.

Unique Malware Sample
5710 unique malware samples were collected from January 2012 to September 2012, as of the submission of this report. All collected malware samples are analyzed by three different malware analyzers. The analysis results are centralized in a knowledge management system and shared with the Government Information Sharing and Analysis Center (G-ISAC) and the Malware Exchange System (MES) in Taiwan.

PAPERS AND PRESENTATIONS
List of Publications:
1 Yi-Lang Tsai, Lo-Yao Yeh, Bo-Yil Lee, and Jee-Gong Chang, “Poster Abstract: Automated Malware Analysis Framework with Honeynet Technology in Taiwan Campus,” 18th IEEE International Conference on Parallel and Distributed System, Singapore, December 17-19, 2012.
2 Yi-Lang Tsai and Bo-Yil Lee, “TaiWan Malware Analysis Net”, TANet 2012, Taoyuan, Taiwan, Oct. 23-25, 2012.

Conference:
The “Innovation Information Security Workshop in Taiwan 2012” was hosted and organized by The Honeynet Project Taiwan Chapter. It consisted of a one-day conference and a one-day honeynet technical workshop.

Presentations:
We use honeynet technology to detect botnet activity and have been invited to present and share our experience.

1. Talk by Yi-Lang Tsai on 2012/06/25 about "Security threaten: Cloud security and Botnet" organized by TAIS 2011 (Taiwan Academic Information Security International Conference).
2. Talk by Bo-Yil Lee on 2012/07/06 about “Malware Analysis and TWMAN” organized by Multi-Level Information security Research Platform.
3. Talk by Yi-Lang Tsai on 2012/09/24 about "Ghost is in the Cloud" organized by WWSMC 2012 Taipei.
4. Talk by Yi-Lang Tsai on 2012/10/23 about "TaiWan Malware Analysis Net" organized by TANet 2012.

GOALS
The goal of our chapter is to develop honeynets on major campuses in Taiwan and to deal with security incidents. In addition, we are embarking on visualization of security data and the integration of information security analysis systems. Our ultimate vision is to reduce information security threats in the network environment of Taiwan.

MISC ACTIVITIES
We are planning to work with the security research team in Taiwan to organize an information security association.