Skip to Content
[CAIDA - Center for Applied Internet Data Analysis logo]
Center for Applied Internet Data Analysis
Scalability, Fidelity and Containment in the Potemkin Virtual Honeyfarm
M. Vrable, J. Ma, J. Chen, D. Moore, E. Vandekieft, A. Snoeren, G. Voelker, and S. Savage, "Scalability, Fidelity and Containment in the Potemkin Virtual Honeyfarm", ACM Symposium on Operating System Principles (SOSP), vol. 39, no. 5, pp. 148--162, Oct 2005.
|   View full paper:    PDF    |  Citation:    BibTeX   |

Scalability, Fidelity and Containment in the Potemkin Virtual Honeyfarm

Michael Vrable2
Justin Ma2
Jay Chen3
David Moore1
Erik Vandekieft4
Alex Snoeren2
Geoffrey Voelker2
Stefan Savage2
1

CAIDA, San Diego Supercomputer Center, University of California San Diego

2

Department of Computer Science and Engineering,
University of California, San Diego

3

Dept. of Computer Science, Courant Institute of Mathematical Sciences, New York University

4

IBM, North Carolina

The rapid evolution of large-scale worms, viruses and botnets have made Internet malware a pressing concern. Such infections are at the root of modern scourges including DDoS extortion, on-line identity theft, SPAM, phishing, and piracy. However, the most widely used tools for gathering intelligence on new malware - network honeypots - have forced investigators to choose between monitoring activity at a large scale or capturing behavior with high fidelity. In this paper, we describe an approach to minimize this tension and improve honeypot scalability by up to six orders of magnitude while still closely emulating the execution behavior of individual Internet hosts. We have built a prototype honeyfarm system, called Potemkin, that exploits virtual machines, aggressive memory sharing, and late binding of resources to achieve this goal. While still an immature implementation, Potemkin has emulated over 64,000 Internet honeypots in live test runs, using only a handful of physical servers.

Keywords: security
  Last Modified: Wed Oct-11-2017 17:03:52 PDT
  Page URL: http://www.caida.org/publications/papers/2005/potemkin/index.xml