The Honeynet Project Chinese Chapter - Status Report 2011

ORGANIZATION

The Chinese Chapter consists of the following people:
* Jianwei Zhuge, Tsinghua
* Chengyu Song, Gatech
* Zhijie Chen, Berkeley
* Xinhui Han, PKU
* Yong Tang, NUDT
* Huilin Zhang, PKU
* Zhongjie Wang, PKU
* Lingfeng Sun, HuaweiSymantec
* Jian Jiang, Tsinghua
* Youzhi Bao, PKU
* Cong Zheng, PKU

The Chapter members are interested in research projects covering the following topics:

1. Low-interaction/high-interaction client honeypots
2. Distributed honeynet deployment, operation and data analysis
3. Automated malware collection and analysis systems
4. Android malware analysis

DEPLOYMENTS

We have recently deployed three instances of dionaea/kippo honeypot sensors.
We requested several HonEeeBox sensors, but haven't received them yet.

RESEARCH AND DEVELOPMENT

* Zhijie Chen and Cong Zheng contributed some code to PhoneyC.
* Chengyu Song developed hv-sebek, a prototype tool for honeypot monitoring based on hardware virtualization technology, during Google Summer of Code 2010.
* Huilin Zhang developed PDFHoneyC, a prototype tool for detecting malicious PDF files, during Google Summer of Code 2010.
* Zhongjie Wang, mentored by Jianwei Zhuge, developed TraceXploit, which is in a proof-of-concept (POC) state, during Google Summer of Code 2010.
* Cong Zheng is currently designing and developing an Android static analysis GUI tool during the Google Summer of Code 2011.
* Youzhi Bao is currently designing and developing a COM simulation extension module for Capture-HPC during the Google Summer of Code 2011.

PAPERS AND PRESENTATIONS

* C. Song, B. Hay, J. Zhuge. Know Your Tools: Qebek – Conceal the Monitoring, Know Your Tools Whitepaper.
* Z. Chen, G. Gu, J. Zhuge, J. Nazario, X. Han. WebPatrol: Automated Collection and Replay of Web-based Malware Scenarios. In Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security (ASIACCS'11), Hong Kong, China, March 2011 (acceptance ratio 16% = 35/217).
* J. Zhuge, An Introduction to Kippo Honeypot, Chinese Education Network, In Chinese.

GOALS
1. Deploy HonEeeBox honeypots and more dionaea/kippo/glastopf sensors in a distributed fashion on CERNET, and build a threat data center for threat monitoring and analysis, providing support for the CCERT team.
2. Continue improving the tools that we have contributed during GSoC 2011 and GSoC 2010.

MISC ACTIVITIES
We contributed to the Forensic Challenge 2010 Chinese Version, but failed to attract more Chinese participants to get involved.