Newsletter of the Association of Library and Information Science Students (ALISS)




Title of the newsletter: The Silverfish


June 2004

Vol VIII Issue V

HiVE – A Honeywall Data Analysis System


A Honeynet is an information security system that the Honeynet Project research organization developed to collect network exploit information. The system consists of two computers: a dummy production machine, called the Honeypot, that is designed to be attacked, and a logging machine, called the Honeywall, that collects all network packets entering or leaving the Honeypot. The captured data allows security professionals to learn how attacks are carried out and what they look like at the lowest level.

Unfortunately, data analysis on the current Honeywall system is very tedious and time-consuming. The available tools are difficult to set up and use, the user interface is counter-intuitive, and the data is hard to understand. To address these problems, we wanted to create a centralized system that enables users to collect and correlate data from distributed Honeynets and then analyze it in a powerful yet intuitive Honeynet data analysis interface. This interface should be simple enough for inexperienced users, but powerful enough to support detailed analysis.

To gather the requirements for our system, we conducted detailed interviews and ethnography with three Honeynet users of very different skill and experience levels. Using this data, we created a persona of the target user and several wireframes, which would be used to justify our design choices. Our final system is a web-based interface that uses a combination of state-of-the-industry open-source web technologies to tie into a database that stores Honeynet data.

After creating an initial system, we presented it to Honeynet users to gather their feedback. This gave us many insights into where our system may need to improve, but also gave us hope that we are on the right track. We hope to incorporate our user feedback into the next iteration of our system.

