1.0 DEPLOYMENTS
=================

1.1 Current technologies deployed. Describe anything that you have deployed that is collecting information, including honeynets, client honeypots, honeyd, mwcollect, or anything else honeypot related.

- Data Control and Capture
    Honeywall Roo
- Data Analysis
    Honeywall Walleye
    Visual log browser developed by ourselves
- Honeypots
    Fedora Core 3
    Windows 2000

We also experimented with a low-interaction honeypot called Kojoney.

1.2 Activity timeline: Highlight attacks, compromises, and interesting information collected.

During this quarter, we mainly observed SSH brute-force attacks.

2.0 FINDINGS
=============

2.1 Highlight any unique findings, attacks, tools, or methods.

We had no systems compromised on Honeywall. But we observed some activity directed at Kojoney.

2.2 Any trends seen in the past six months.

SSH brute force was a major attack.

2.3 What are you using for data analysis? What is working well, and what is missing, what data analysis functionality would you like to see developed?

Honeywall Walleye was useful for monitoring. But to investigate multiple logs, our own log browser was used.

3.0 LESSONS LEARNED
===================

3.1 What new positive things can you share with the community, so they can replicate your success?

3.2 What new mistakes can you share with the community, so they don't make the same mistakes?

None.

3.3 Are there any research ideas you would like to see developed?

4.0 NEW TOOLS
=======================

4.1 What new tools or technology are you working on?

We are developing a log browser and visualization systems.

4.2 Would you like to integrate this with any other tools, or are you looking for help or collaboration with others in testing or developing the tool?

We are thinking of visualizing multiple honeypot logs in one visualization. We are now making a prototype. When the alpha version is completed, we would like to share the ideas with others.
5.0 PAPERS AND PRESENTATIONS
============================

5.1 Are you working on any papers to be published, such as KYE or academic papers?

5.2 Are you looking for any data or people to help with your papers?

5.3 Where did you publish/present honeypot-related material?

M. Ebata and H. Koike: Time-based Visualization of Multiple Logs for Intrusion Analysis, J. of Information Processing Society of Japan, Vol. 47, No. 4, pp.1099-1107, 2006. (in Japanese)

K. Ohno and H. Koike: IP Matrix: Visualization System for Network Monitoring, J. of Information Processing Society of Japan, Vol. 47, No. 4, pp.1077-1086, 2006. (in Japanese)

6.0 ORGANIZATIONAL
==================

6.1 Changes in the structure of your organization.

No.

6.2 Your feedback on Alliance activities.

None at this time.

6.3 Any suggestions for improving the Alliance?

Nothing.

7.0 GOALS
=========

7.1 Which of your goals did you meet for the last six months?

- We tested our log browser.
- We investigated a low-interaction honeypot.

7.2 Which of your goals did you not meet for the last six months?

7.3 Goals for the next six months

- design and develop a visualization system for distributed honeypots
- keep investigating low-interaction honeypots

8.0 MISC ACTIVITIES
====================

8.1 Anything else not covered you would like to share.