Multi Layer Cyber Attack Detection through Honeynet

Intrusion detection is an indispensable component of cyber security. To keep pace with the evolving techniques of the blackhat community, single-layer detection needs to be replaced with multi-layer detection. Our practical experience has shown that evidence of attacks can be recovered from system traces. This paper presents the integration of a host-based intrusion detection system (HIDS) with the existing network-based detection of the Gen 3 Honeynet architecture. The integration involves operating the HIDS sensor in stealth mode, organizing the code so that HIDS alerts are generated in a standard format carrying the requisite network parameters, extending the data fusion component so that the HIDS sensor is pipelined with the other data sensors for real-time operation and its alerts are correlated with established network sessions, and visualizing the fused result on a graphical analysis console. The benefits of the new Honeynet architecture are established, and the results are presented as statistical trend distributions and as the percentage reduction of Honeynet data.
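The correlation step described in the abstract, as an added illustration (not the paper's code): each host-sensor alert is joined to the established network session that was open to the same honeypot at that time, so the emitted record carries the network 5-tuple alongside the host event. The alert and session record layouts, the two-second clock-skew slack, the JSON output schema (a simple line-per-record layout rather than a standard such as IDMEF) and the sample data are all assumptions made for the example; the paper does not give its sensor formats here. The final function expresses one possible reading of the "reduction of Honeynet data": the share of captured sessions during which the host sensor recorded nothing and which an analyst can therefore set aside.

```python
"""Fuse HIDS alerts with established network sessions (added example).

Written for this page as an illustration, not taken from the paper. Record
layouts, slack window, output schema and sample data are assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
import json


@dataclass(frozen=True)
class Session:
    """One established network session as a network sensor would report it."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    start: datetime
    end: datetime


@dataclass(frozen=True)
class HidsAlert:
    """One event from the host sensor: which honeypot, when, which process."""
    honeypot_ip: str
    ts: datetime
    pid: int
    event: str


def t(s: str) -> datetime:
    return datetime.fromisoformat(s)


# Constructed sample data (RFC 5737 documentation addresses, not real traffic).
SESSIONS = [
    Session("203.0.113.5", 40111, "10.0.0.7", 22, t("2024-01-01T12:00:00"), t("2024-01-01T12:05:00")),
    Session("198.51.100.9", 51000, "10.0.0.7", 80, t("2024-01-01T12:01:00"), t("2024-01-01T12:01:01")),
    Session("198.51.100.9", 51001, "10.0.0.8", 22, t("2024-01-01T12:01:05"), t("2024-01-01T12:01:06")),
    Session("192.0.2.44", 33222, "10.0.0.8", 22, t("2024-01-01T12:10:00"), t("2024-01-01T12:12:00")),
]

HIDS_ALERTS = [
    HidsAlert("10.0.0.7", t("2024-01-01T12:00:30"), 2201, "execve /usr/bin/wget"),
    HidsAlert("10.0.0.7", t("2024-01-01T12:01:10"), 2205, "execve /bin/chmod"),
    HidsAlert("10.0.0.8", t("2024-01-01T12:11:00"), 3100, "execve /usr/sbin/useradd"),
    HidsAlert("10.0.0.7", t("2024-01-01T12:30:00"), 2400, "execve /usr/sbin/cron"),
]


def find_session(alert, sessions, slack=timedelta(seconds=2)):
    """Return the session to the alerting honeypot whose lifetime covers the
    alert time (widened by a small slack for sensor clock skew), or None.
    If several sessions overlap, prefer the most recently established one."""
    candidates = [
        s for s in sessions
        if s.dst_ip == alert.honeypot_ip
        and s.start - slack <= alert.ts <= s.end + slack
    ]
    return max(candidates, key=lambda s: s.start) if candidates else None


def fuse(alerts, sessions):
    """Emit one record per HIDS alert carrying the network parameters of the
    correlated session. Unmatched alerts are kept and flagged, not dropped:
    host activity with no inbound session is itself worth an analyst's eye."""
    out = []
    for a in alerts:
        s = find_session(a, sessions)
        out.append({
            "sensor": "hids",
            "time": a.ts.isoformat(),
            "host": a.honeypot_ip,
            "pid": a.pid,
            "event": a.event,
            "session": None if s is None else {
                "src_ip": s.src_ip, "src_port": s.src_port,
                "dst_ip": s.dst_ip, "dst_port": s.dst_port,
            },
            "correlated": s is not None,
        })
    return out


def sessions_with_host_evidence(alerts, sessions):
    """Sessions during which the host sensor saw something happen."""
    found = set()
    for a in alerts:
        s = find_session(a, sessions)
        if s is not None:
            found.add(s)
    return found


def reduction_percent(sessions, alerts):
    """Share of captured sessions an analyst can set aside because no host
    activity was recorded during them (an assumed reading of the data
    reduction the abstract reports; the paper's own metric may differ)."""
    kept = len(sessions_with_host_evidence(alerts, sessions))
    return 100.0 * (len(sessions) - kept) / len(sessions)


def to_json_lines(records):
    """Serialise fused records one per line for a downstream console."""
    return "\n".join(json.dumps(r, sort_keys=True) for r in records)


if __name__ == "__main__":
    print(to_json_lines(fuse(HIDS_ALERTS, SESSIONS)))
    print(f"sessions set aside: {reduction_percent(SESSIONS, HIDS_ALERTS):.1f}%")
```

On the sample data, the two scan sessions produce no host events and are set aside, while the two SSH sessions each gain the host-side commands observed during them; the cron alert with no covering session is emitted with `correlated: false` rather than discarded, since a real-time pipeline should surface host activity that the network sensor cannot explain.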
