NoAH - European Network of Affined Honeypots
Friday, March 3. 2006
NoAH is a research project related to honeypots and funded by the European Commission. The aim is to build a pan-european network of advanced honeypots. The individual sensors exchange information and try to detect attacks - even 0days. The project is running since April 2005 and runs until the end of March 2008.
As part of the public deliverables, two documents have been published up to now:
Description from http://www.fp6-noah.org/about/:
NoAH is a three-year project to gather and analyse information about the nature of Internet cyberattacks. It will also develop an infrastructure to detect and provide early warning of such attacks, so that appropriate countermeasures may be taken to combat them.
The last few years have witnessed an increasing number of cyberattacks such as viruses, worms, trojans and spyware on the Internet. These are discouraging effective use of the Internet, are crippling IT infrastructures, and can take over large parts of networks within minutes. This often happens too quickly for humans to respond in time, which means that an automated structure is necessary to detect and contain them.
The NoAH project will design and develop a infrastructure for security monitoring based on honeypot technology. Honeypots are computer systems that do not provide production services, but are instead are intentionally made vulnerable and closely monitored to analyse attacksdirected at them. NoAH will use geographically-dispersed honeypots as an early-warning system, and will correlate the data received from them to generate automated warnings and possibly trigger appropriate containment measures. The aim is to help NRENs and ISPs limit damage to their networks, allow information security organisations to better assess threats, and provide researchers with a wealth of attack-related data to improve detection techniques.
NoAH involves eight partners from the academic, research and commercial sectors and represents a total investment of EUR 2,429,374; 60% of which is funded from the Research Infrastructures Programme of the European Union. The project started on 1 April 2005 and runs until 31 March 2008.
As part of the public deliverables, two documents have been published up to now:
Description from http://www.fp6-noah.org/about/:
NoAH is a three-year project to gather and analyse information about the nature of Internet cyberattacks. It will also develop an infrastructure to detect and provide early warning of such attacks, so that appropriate countermeasures may be taken to combat them.
The last few years have witnessed an increasing number of cyberattacks such as viruses, worms, trojans and spyware on the Internet. These are discouraging effective use of the Internet, are crippling IT infrastructures, and can take over large parts of networks within minutes. This often happens too quickly for humans to respond in time, which means that an automated structure is necessary to detect and contain them.
The NoAH project will design and develop a infrastructure for security monitoring based on honeypot technology. Honeypots are computer systems that do not provide production services, but are instead are intentionally made vulnerable and closely monitored to analyse attacksdirected at them. NoAH will use geographically-dispersed honeypots as an early-warning system, and will correlate the data received from them to generate automated warnings and possibly trigger appropriate containment measures. The aim is to help NRENs and ISPs limit damage to their networks, allow information security organisations to better assess threats, and provide researchers with a wealth of attack-related data to improve detection techniques.
NoAH involves eight partners from the academic, research and commercial sectors and represents a total investment of EUR 2,429,374; 60% of which is funded from the Research Infrastructures Programme of the European Union. The project started on 1 April 2005 and runs until 31 March 2008.
".
