Honeypots: catching the insider threat
暂无分享,去创建一个
In the past several years there has been extensive research into honeypot technologies, primarily for detection and information gathering against external threats. However, little research has been done for one of the most dangerous threats, the advance insider, the trusted individual who knows our internal organization. These individuals are not after our systems, they are after our information. We discuss how honeypot technologies can be used to detect, identify, and gather information on these specific threats.
[1] Vinod Yegneswaran,et al. Internet intrusions: global characteristics and prevalence , 2003, SIGMETRICS '03.
[2] Henry L. Owen,et al. The use of Honeynets to detect exploited systems across large enterprise networks , 2003, IEEE Systems, Man and Cybernetics SocietyInformation Assurance Workshop, 2003..