ORGANIZATION
1. Changes in the structure of your organization.
a) There have been no major changes in the structure of our organization
2. List current chapter members and their activities
a) Napoleon Paxton (Chapter Lead) – conducting research on the patterns of malicious hackers and how to use those patterns in detecting attacks and creating signatures to prevent attacks
b) Max Kilger (Honeynet Membership Committee Chairman)
c) Michelle Cox, Constance Kellen, Hunter Loftis, Mark Plemmons, and Adam Wenner – conducting botnet analysis
d) Dr. Brent Kang, Chris Nunnery, Jonathan Peterson, and Zachariah Wadler are conducting P2P botnet analysis
e) Dr. Tom Holt, Joshua Soles, and Michelle Cox are conducting intelligence analysis on malware writers
DEPLOYMENTS
1. List current technologies deployed.
a) Low-Interaction Honeypots: Nepenthes
b) High-Interaction Honeypots: GenIII Honeynet with Windows XP honeypots for online bot analysis. Bots captured with Nepenthes are installed on honeypots and allowed to connect to their command and control servers. Data captured is then analyzed for malicious activities.
2. Activity timeline: Highlight attacks, compromises, and interesting information collected.
a) See our papers for details
RESEARCH AND DEVELOPMENT
1. List any new tools, projects or ideas you are currently researching or developing.
a) We are currently researching ways to determine the motives of hackers and how to use those motives to detect their activity.
b) We are working on methods to defend against fast flux networks
c) We are continuing our research on IRC botnets and how to defend against them
2. List tools you enhanced during the last year
a) None to report at this time
3. Would you like to integrate this with any other tools, or are you looking for help or collaboration with others in testing or developing the tool?
a) Currently we are not looking for help in testing or developing tools, but we may be looking for more collaboration opportunities in this coming year
4. Explain what kind of help or tools or collaboration you are interested in.
a) We are always interested in data analysis tools
b) We are also interested in obfuscation tools
FINDINGS
1. Highlight any unique findings, attacks, tools, or methods.
a) None to report at this time
2. Any trends seen in the past year?
a) See our papers for details
3. What are you using for data analysis?
a) Custom tools, Wireshark, Truman sandnet, Walleye, perileyze
4. What is working well, and what is missing, what data analysis functionality would you like to see developed?
a) We would like to see new analysis tools that combine the strengths of multiple analysis tools to reduce the time of analysis and reduce the amount of data analyzed
PAPERS AND PRESENTATIONS
1. Papers of Relevance:
a) “Towards Complete Node Enumeration in a Peer-to-Peer Botnet,” which was just accepted to ASIACCS 2009 (it will be in March of this year). Authors: Brent ByungHoon Kang, Eric Chan-Tin, Christopher P. Lee, James Tyra, Hun Jeong Kang, Chris Nunnery, Zachariah Wadler, Greg Sinclair, Nicholas Hopper, David Dagon, and Yongdae Kim
b) “Examining the Applicability of Lifestyle-Routine Activities Theory for Cybercrime Victimization.” 2009. Authors: Holt, Thomas J. and Adam M. Bossler.
c) “Techcrafters and Makecrafters: A Comparison of Two Populations of Hackers.” Proceedings of the Invitation-Only Worldwide Observatory of Malicious Behaviors and Attack Threats Conference, Amsterdam, NL, 21-22 April 2008. Authors: Holt, Thomas J. and Max Kilger.
d) “Characterizing Malware Writers and Computer Attackers in Their own Words.” Proceedings of the International Conference on Information Warfare and Security, Peter Kiewit Institute, University of Nebraska Omaha, USA, 24-25 April 2008. Authors: Holt, Thomas J., Joshua Soles, and Lyudmila Leslie.
e) “Understanding IRC Bot Behaviors in a Network-centric Attack Detection and Prevention Framework.” Proceedings of the International Conference on Information Warfare and Security, Peter Kiewit Institute, University of Nebraska Omaha, USA, 24-25 April 2008. Authors: Gail-Joon Ahn, Napoleon Paxton, and Kevin Pearson, University of North Carolina at Charlotte, NC, USA
f) “A Profile of the Demographics, Psychological Predispositions, and Social/Behavioral Patterns of Computer Hacker Insiders and Outsiders.” Forthcoming in the edited book Online Consumer Protection: Theories of Human Relativism. 2008. Authors: Schell, Bernadette H. and Thomas J. Holt.
2. Presentations of relevance:
a) “Social Networks in the Computer Underground.” Presented at the U.S. Secret Service’s Charlotte Electronic Crimes Task Force meeting, Charlotte, North Carolina, October 7, 2008. Author: Holt, Thomas J.
b) “Social Networks in the Computer Underground.” Presented at the Congresso de Seguridad en Computo 2008, Mexico City, Mexico, September 25-26, 2008. Author: Holt, Thomas J.
c) “The Social Networks of the Malware Community.” Presented at the First Annual UNC-Charlotte Interdisciplinary Conference on Cybercrime, Charlotte, North Carolina, May 15, 2008. Author: Holt, Thomas J.
3. Are you looking for any data or people to help with your papers?
a) We are always interested in people wanting to collaborate in the areas of botnet research and social behaviors of hackers, but nothing in particular at this time
GOALS
1. Which of your goals did you meet for the past year?
a) Updated our honeynet architecture
b) Published several academic papers
c) Presented several posters at workshops and conferences
2. Goals for the next year.
a) Release analysis tools to the community
b) Publish more academic papers
MISC ACTIVITIES
None to report at the moment