ShadowNet: An Active Defense Infrastructure for Insider Cyber Attack Prevention

  • Xiaohui Cui
  • Wade Gasior
  • Justin Beaver
  • Jim Treadwell
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7336)


The ShadowNet infrastructure for insider cyber attack prevention is comprised of a tiered server system that is able to dynamically redirect dangerous/suspicious network traffic away from production servers that provide web, ftp, database and other vital services to cloned virtual machines in a quarantined environment. This is done transparently from the point of view of both the attacker and normal users. Existing connections, such as SSH sessions, are not interrupted. Any malicious activity performed by the attacker on a quarantined server is not reflected on the production server. The attacker is provided services from the quarantined server, which creates the impression that the attacks performed are successful. The activities of the attacker on the quarantined system are able to be recorded much like a honeypot system for forensic analysis.


Virtual Machine Forensic Analysis System Clone Insider Attack Insider Threat 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Salem, M.B., Hershkop, S., Stolfo, S.J.: A Survey of Insider Attack Detection Research. Advances in Information Security 39, 69–90 (2008)CrossRefGoogle Scholar
  2. 2.
    The eighth annual CSI/FBI 2003 report: Computer Crime and Security Survey (2003)Google Scholar
  3. 3.
    Stone, C.: Information Sharing in the Era of WikiLeaks: Balancing Security and Collaboration, Office of The Director of National Intelligence, Washington, DC (March 2011)Google Scholar
  4. 4.
    Bellovin, S.: The Insider Attack Problem Nature and Scope. Advances in Information Security 39, 69–90 (2008)CrossRefGoogle Scholar
  5. 5.
    Braz, F.A., Fernandez, E.B., VanHilst, M.: Eliciting Security Requirements through Misuse Activities. In: Proceedings of the 2008 19th International Conference on Database and Expert Systems Application (DEXA), pp. 328–333 (2008)Google Scholar
  6. 6.
    Bellovin, S.: There Be Dragons. In: Proc. of the Third Usenix Security Symposium, Baltimore MD (September 1992)Google Scholar
  7. 7.
    Bellovin, S.M.: Packets Found on an Internet. Computer Communications Review 23(3), 26–31 (July)Google Scholar
  8. 8.
    Spitzner, L.: Honeypots: Catching the Insider Threat. In: 19th Annual Computer Security Applications Conference (ACSAC 2003), p. 170 (2003)Google Scholar
  9. 9.
    Spitzner, L.: Honeypots: Tracking Hackers. Addison-Wesley Longman Publishing Co., Inc., Boston (2002)Google Scholar
  10. 10.
    Lyon, G.: Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security. Insecure Publisher, USA (2009) ISBN 9780979958717Google Scholar
  11. 11.
    Sun, Y., Luo, Y., Wang, X., Wang, Z., Zhang, B., Chen, H., Li, X.: Fast Live Cloning of Virtual Machine Based on Xen. In: 2009 11th IEEE International Conference on High Performance Computing and Communications, HPCC 2009, pp. 392–399 (2009)Google Scholar
  12. 12.
    Barham, P., Dragovic, B., Fraser, K., Hand, S., Harris, T., Ho, A., Neugebauer, R., Pratt, I., Warfield, A.: Xen and the art of virtualization. In: Proceedings of the ACM Symposium on Operating Systems Principles (October 2003)Google Scholar
  13. 13.
    Clark, C., Fraser, K., Hand, S., Hansen, J.G., Jul, E., Limpach, C., Pratt, I., Warfield, A.: Live migration of virtual machines. In: Proceedings of the 2nd ACM/USENIX Symposium on Networked Systems Design and Implementation (NSDI), Boston, MA, pp. 273–286 (May 2005)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Xiaohui Cui
    • 1
  • Wade Gasior
    • 2
  • Justin Beaver
    • 1
  • Jim Treadwell
    • 1
  1. 1.Oak Ridge National LaboratoryOak RidgeUSA
  2. 2.University of Tennessee at ChattanoogaChattanoogaUSA

Personalised recommendations