Honeypot trace forensics: The observation viewpoint matters

Pham, Van-Hau; Daciér, Marc

doi:10.1016/j.future.2010.06.004

Cited by 28 publications

(12 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…ese days, unpredictable attack detection techniques have drawn attention from the cybersecurity researchers in the field of attack and defence [9]. e defence of the new attack is also one of the original motivations for the active protection of network security [10]. Fu et al [11] combined the conventional APT attack technology and principle and classified the attack into six implementation stages: detection preparation, code incoming, initial intrusion, etc., and summarized the attack characteristics.…”

Section: Related Researchmentioning

confidence: 99%

“…However, it cannot solve the problem of ubiquitous intrusion monitoring identification in edge computing networks. e system services provided by the edge computing terminal and the cloud computing centre still have the possibility of being attacked [6][7][8][9][10][11]. It is still a challenge to conduct intrusion detection with data-driven analytics in the security of edge computing network, which is supported by edge, given the complexity of complex systems and the unique features of edge computing.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

GLIDE: A Game Theory and Data-Driven Mimicking Linkage Intrusion Detection for Edge Computing Networks

Hou

Meng

et al. 2020

Complexity

View full text Add to dashboard Cite

The real-time and high-continuity requirements of the edge computing network gain more and more attention because of its active defence problem, that is, a data-driven complex problem. Due to the dual constraints of the hybrid feature of edge computing networks and the uncertainty of new attack features, implementing active defence measures such as detection, evasion, trap, and control is essential for the security protection of edge computing networks with high real-time and continuity requirements. The basic idea of safe active defence is to make the defence gain more significant than the attack loss. To encounter the new attacks with uncertain features introduced by the ubiquitous transmission network in the edge computing network, this paper investigates the attack behaviour and presents an attack-defence mechanism based on game theory. Based on the idea of dynamic intrusion detection, we utilize the game theory in the field of edge computing network and suggest a data-driven mimicry intrusion detection game model-based technique called GLIDE. The game income of participants and utility computing methods under different deployment strategies are analysed in detail. According to the proof analysis of the Nash equilibrium condition in the model, the contradictory dynamic game relationship is described. Therefore, the optimal deployment strategy of the multiredundancy edge computing terminal intrusion detection service in the edge computing network is obtained by solving the game balance point. The detection probability of the edge computing network for network attacks is improved, and the cost of intrusion detection of the edge computing network is reduced.

show abstract

Section: Related Researchmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

GLIDE: A Game Theory and Data-Driven Mimicking Linkage Intrusion Detection for Edge Computing Networks

Hou

Meng

et al. 2020

Complexity

View full text Add to dashboard Cite

show abstract

“…They compare the performance of J48, Bayesian network and naïve Bayes classifiers that identified the classification accuracy. Van-Hau et al [51] identified and traced low interaction honeypot belongs to the same botnet without any prior information. He proposed a solution to detect new botnets with very cheap and easily deployable solutions.…”

Section: Botnet Forensic Identificationmentioning

confidence: 99%

Botnet Forensic: Issues, Challenges and Good Practices

Bijalwan

Solanki

Pilli

2018

NPA

View full text Add to dashboard Cite

Unethical hacking of sites, probing, click frauds, phishing, denial of services attack and many such malicious practices affects the organizational integrity and sovereignty. Such activities are direct attacks on the safety, security and confidentiality of the organization. These activities put organizational privacy at stake. Botnet forensic is utilized to strengthen the security issues by understanding the modus operandi of the attacks. The available observations can be utilized in future also to prevent a potential threat to network security. This paper enlightens the novel summary of previous survey including life cycle, classification, framework, detection, analysis and the challenges for botnet forensics.

show abstract

“…They were able to identify several types of botnets based on those features. Other authors employed Significant Event Discovery (Buda & Bluemke, 2016), Long-Range Dependency (Zhan & Xu, 2013), Support Vector Machines (Song et al, 2011), Principal Components Analysis (Sharma & Mandeep, 2010;Almotairi, 2009), Symbolic Aggregate Approximation (Thonnard & Dacier, 2008) and feature correlation (Pham & Dacier, 2011). All of them indicate that the forensic examination of honeypot data is executable by standard data mining techniques.…”

Section: Background and Related Workmentioning

confidence: 99%

YAAS – On the Attribution of Honeypot Data

Fraunholz¹,

Krohmer²,

Antón³

et al. 2017

IJCSA

View full text Add to dashboard Cite

One of the major issues in digital forensics and attack analysis is the attribution of an attack to a type of malicious adversary. This is especially important to determine the relevance of an incident with respect to the threat it poses to a system. In this work, a holistic scheme to derive characteristics from honeypot data and to map this data to an attacker model is introduced. This scheme takes data that is provided by deception systems of any kind. After that, characteristics are derived that describe different attributes of an attacker. Those are used to categorise threats into one of nine attacker classes. This scheme has been evaluated with real world honeypot data. As expected, most attacks are rather harmless, but a few outliers have been identified.

show abstract

Honeypot trace forensics: The observation viewpoint matters

Cited by 28 publications

References 10 publications

GLIDE: A Game Theory and Data-Driven Mimicking Linkage Intrusion Detection for Edge Computing Networks

GLIDE: A Game Theory and Data-Driven Mimicking Linkage Intrusion Detection for Edge Computing Networks

Botnet Forensic: Issues, Challenges and Good Practices

YAAS – On the Attribution of Honeypot Data

Contact Info

Product

Resources

About