att_abstract={{Protecting computer and information systems from security attacks is becoming an increasingly important task for system administrators. Honeypots are a technology often used to detect attacks and collect information about techniques and targets (e.g., services, ports, operating systems) of attacks. However, managing a large and complex honeynet of honeypots becomes a challenge in itself given the amount of data collected as well as the risk that the honeypots may themselves become infected and start attacking other machines. In this paper, we present DarkNOC, a management and monitoring tool for complex honeynets consisting of different types of honeypots as well as other data collection devices. DarkNOC has been actively used to manage a honeynet consisting of multiple subnets and hundreds of IP addresses. This paper describes the architecture and a number of case studies demonstrating the use of the tool.}},
	att_authors={bs3591, mh7921, dk3239, gv2957},
	att_categories={C_NSS.3, C_NSS.4, C_NSS.16},
	att_copyright_notice={{The definitive version was published in USENIX LISA'11: 25th Large Installation System Administration Conference, Usenix. {{, 2011-12-04}}
	author={Bertrand Sobesto and Michel Cukier and Matti Hiltunen and David Kormann and Gregory Vesonder and Robin Berthier},
	institution={{USENIX LISA'11: 25th Large Installation System Administration Conference}},
	title={{DarkNOC: Dashboard for Honeypot Management}},