honeynet和spark的交集

叫大点就是“基于数据挖掘的恶意行为分析”。基于数据挖掘使用splunk，恶意行为分析使用honeynet/honeywall

spark和splunk? 大量数据由spark负责保存，splunk负责算法（FIXME)

这是使用honeynet的一个良好示例。重点是他们的部署策略

大规模部署honeynet,然后使用安全工具复制获得威胁信息（）

使用统计工具splunk分析获得的日志

使用安管中心分析和操控整个系统的部署和恶意分析（这部份的开发放在sf.net上）

DEPLOYMENTS

1 Large-Scale Honeynet deployments 1.1 Get funding from National Science Council and Ministry of Education to establish large-scale honeynet in Taiwan Academic Network (TANet) 1.2 Build a lot of virtual honeynet in TANet and deployment of more than 6000 IP address. 1.3 Using Honeywall, Dionaea, Kippo, Capture-HPC, Cuckoo and security tools. 1.4 Using Splunk to analysis honeynet logs. 1.5 Information Integration System Design and Development(Security Dashboard) 2 Design malware analysis platform that is named TWMAN (TaiWan Malware Analysis Net, twman.nchc.org.tw) and release in Sourceforge (twman.sourceforge.net). 3 Cloud based Vulnerability Scanners and network forensics collecting evidence 4 Visualization framework for security analysis

参考

http://www.honeynet.org/node/1145