The following technical report is available from
http://aib.informatik.rwth-aachen.de/:
Fabien Pouget, Thorsten Holz:
A Pointillist Approach for Comparing Honeypots
AIB 2005-05
The concept of electronic decoys ("honeypots"), which are network
resources that are deployed to be probed, attacked, and eventually
compromised, is used in the area of IT security to learn more about
attack patterns and attackers' behavior in real-world networks. Our
research focuses on gathering detailed statistics on the threats over a
long period of time in order to get a better understanding of their
characteristics. In this perspective, we are deploying honeypots of
different interaction levels in various locations. At a first glance,
these honeypots can be considered as permanent sensors that gather
statistical information on a long-term perspective.
Generally speaking, honeypots are often classified by their level of
interaction. For instance, it is admitted that a high interaction
approach is suited for recording hacker shell commands, while a low
interaction approach provides limited information on the attackers'
activities. So far, there exists no serious comparison to express the
level of information on which both approaches differ. Thanks to the
environment that we are deploying, we are able to provide a rigorous
comparison between the two approaches, both qualitatively and
quantitatively. The proposed analysis leads to an interesting study of
malicious activities hidden by the noise of less interesting ones.
Furthermore, it shows the complementarities of the two approaches: a
high interaction honeypot allows controlling the relevance of low
interaction honeypot configurations. Thus, both interaction levels are
required to build an efficient network of distributed honeypots.
The following technical report is available from
http://aib.informatik.rwth-aachen.de/:
Jürgen Giesl, René Thiemann, Peter Schneider-Kamp:
Proving and Disproving Termination of Higher-Order Functions
AIB 2005-03
The dependency pair technique is one of the most powerful methods for
automated termination proofs of term rewrite systems (TRSs). We present
two important extensions of this technique: First, we show how to prove
termination of higher-order functions with dependency pairs. To this
end, the dependency pair technique is extended to handle (untyped)
applicative TRSs. Second, we introduce a method to prove non-
termination in the dependency pair framework, while up to now dependency
pairs were only used to verify termination. We implemented and evaluated
our results in the automated termination prover AProVE.
The following technical report is available from
http://aib.informatik.rwth-aachen.de/:
Daniel Mölle, Stefan Richter, Peter Rossmanith:
A Faster Algorithm for the Steiner Tree Problem
AIB 2005-04
The best algorithm for the Steiner tree problem by Dreyfus and
Wagner is 33 years old. We celebrate this occasion and present a
variation on this theme. A new algorithm is developed, which
improves the running time from O(3^k n^3) to O((2+epsilon)^k poly(n)).
