A study on attack information collection using virtualization technology

Rapid changes in computing technology and the expanding prevalence of the internet have brought the internet into all sectors of society. As a side effect, malicious code and the damage caused by hacking are growing rapidly, and attack techniques are becoming more varied. To reduce this damage and respond more aggressively to attacks, attackers' attack patterns and related information should be collected. In this paper, we propose a system that builds a honeypot farm from dynamically created virtual machines, combining honeypots, which collect attack information, with virtualization technology. The created virtual machines are managed by VMSC, and a protocol-based intrusion detection system, which shows stable performance under mass traffic, is applied to detect attackers' intrusions. To confirm the performance of the proposed system, attack attempts and the attack detection rate were measured, and the experiment confirmed good performance.
