A dynamic honeypot design for intrusion detection

Kuwatly, Iyad; Sraj, Malek; Masri, Zaher Al Basiouni Al; Artail, Hassan

doi:10.1109/perser.2004.1356776

Cited by 40 publications

(36 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Xprobe2 [7] and Nmap are the active scanning components utilized in this program. Both Nmap and Xprobe2 use some of the same techniques, but each program emphasizes different protocols.…”

Section: Scanning Methodologymentioning

confidence: 99%

Securing E-Government Assets through Automating Deployment of Honeynets for IDS Support

Hecker

Hay

2010

2010 43rd Hawaii International Conference on System Sciences

View full text Add to dashboard Cite

One of the challenges facing system e-government security professionals is the laborious task of sifting through numerous log files in an attempt to identify malicious traffic and conduct a forensics analysis to determine an appropriate course of action. This process is complicated significantly by the volume of traffic that can be associated with a production system environment. A honeynet can provide a mechanism to identify much of the forensically interesting traffic by creating a representative system to collect traffic data. However, it is challenging to maintain an accurate representation of a dynamic system in order to consistently collect the appropriate data of interest. This research effort addresses a current challenge identified by researchers at the Honeynet Project by describing a methodology for automatically creating and dynamically updating a honeynet in order to facilitate IDS support.

show abstract

“…Xprobe2 [7] and Nmap are the active scanning components utilized in this program. Both Nmap and Xprobe2 use some of the same techniques, but each program emphasizes different protocols.…”

Section: Scanning Methodologymentioning

confidence: 99%

Securing E-Government Assets through Automating Deployment of Honeynets for IDS Support

Hecker

Hay

2010

2010 43rd Hawaii International Conference on System Sciences

View full text Add to dashboard Cite

show abstract

“…The solution aims at identifying intruders by analyzing the plentiful and global events of honeypots. Kuwatly [13] designs a dynamic honeypot for intrusion detection. In fact, the paper discusses the design of a dynamic honeypot, which is an autonomous honeypot capable of adapting in a dynamic and constantly changing network environment.…”

Section: Previous Workmentioning

confidence: 99%

Ensuring security in depth based on heterogeneous network security technologies

Sourour¹,

Bouhoula²,

Abbes³

2009

Int. J. Inf. Secur.

View full text Add to dashboard Cite

With the explosive growth of Internet connectivity that includes not only end-hosts but also pervasive devices, security becomes a requirement for enterprises. Although a significant effort has been made by the research community to develop defense techniques against security attacks, less focus has been given to manage security configuration efficiently. Network security devices, such as firewalls, intrusion detection and prevention systems, honeypot as well as vulnerability scanner, operate as a stand-alone system for solving a particular security problem. Yet these devices are not necessarily independent. The focus of this work is encompassing a security infrastructure where multiple security devices form a global security layer. Each component is defined with respect to the others and interacts dynamically and automatically with the different security devices in order to choose the best solution to be launched to prevent the final malicious objective. Our solution aims at solving, at the same time, the need for active defence, speed, reliability, accuracy and usability of the network.

show abstract

“…All these services are to make the network environment constructed more authentic and reliable. Then we can study and analyze tools and means used by invaders as well as their motivation through capturing the information left by hackers when they are invading [1][2][3] .…”

Section: Current Researchmentioning

confidence: 99%

A new dynamic defense model based on active deception

Gong

Sun

Qiang

2009

J. Electron.(China)

View full text Add to dashboard Cite

Aiming at the traditional passive deception models, this paper constructs a Decoy Platform based on Intelligent Agent (DPIA) to realize dynamic defense. The paper explores a new dynamic defense model based on active deception, introduces its architecture, and expatiates on communication methods and security guarantee in information transference. Simulation results show that the DPIA can attract hacker agility and activity, lead abnormal traffic into it, distribute a large number of attack data, and ensure real network security.Research on network security has come into a phase of information assurance, which sets up the architecture of dynamic network security defense. There are many very important researches in network security fields, such as how to get the latest attack evidence from hackers, how to decipher their attack technology, how to track them, and how to find out potential possibility about whether or not the system may be attacked. However, decoy technology is one of the best means to solve those problems.Decoy refers to tempt invaders into a virtual environment in order to monitor, track, and record their actions. The most popular deception methods at present are honeypot and honeynet. The honeypot is a host computer that simulates some 1 Manuscript

show abstract

A dynamic honeypot design for intrusion detection

Cited by 40 publications

References 0 publications

Securing E-Government Assets through Automating Deployment of Honeynets for IDS Support

Securing E-Government Assets through Automating Deployment of Honeynets for IDS Support

Ensuring security in depth based on heterogeneous network security technologies

A new dynamic defense model based on active deception

Contact Info

Product

Resources

About