2014
DOI: 10.1007/978-3-319-07620-1_2

A Network Telescope for Early Warning Intrusion Detection

Abstract: Proactive cyber-security tools provide basic protection as today's cyber-criminals utilize legitimate traffic to perform attacks and remain concealed quite often until it is too late. As critical resources, hidden behind layers of cyber-defenses, can still become compromised with potentially catastrophic consequences, it is of paramount significance to be able to identify cyber-attacks and prepare a proper defense as early as possible. In this paper we will go over the architecture, deployment and usefulness o…

Cited by 10 publications (8 citation statements)
References 7 publications
“…Simple honeypots and SCADA‐specific honeypots are deployed to emulate the exact network and SCADA system setup present in the SDN‐enabled wind park. Moreover, passive honeypots (early warning intrusion detection systems (EWIS) in specific) are also part of the Honeynet, acting as a network telescope on the production part of the industrial network to monitor all activity in normally unused parts of the network. Such activity is a good indicator of malicious entities operating on the network (such as an attacker probing/foot‐printing the network), thus providing early warning of incoming attacks.…”
Section: Reactive Security Framework Implementation (mentioning)
confidence: 99%
“…Such an infrastructure is mainly characterized by the size of the subnetwork defined by the prefix length. Although such an approach seems rather limited than more active techniques like honeypots emulating real services, they have been shown to be complementary [8], [9].…”
Section: Background and Related Work (mentioning)
confidence: 99%
“…The system's architecture includes a network of distributed low-interaction sensors and a central server [1]. The sensors are small computing platforms [2] that by design are easy to deploy in a distributed fashion to a large number of partner organizations.…”
Section: Introduction (mentioning)
confidence: 99%