Honeynet-based collaborative defense using improved highly predictive blacklisting algorithm

We present a honeynet-based collaborative defense framework together with an improved highly predictive blacklisting algorithm that generates highly personalized and predictive blacklists for individual networks by correlating the historic attackers captured by the honeynet deployed in each network. In this way, different networks can defend against new attackers collaboratively: one network notifies another, through its honeynet, of the attackers most likely to strike it in the near future, based on the historic correlation between the two networks. This realizes a relatively proactive, collaborative defense strategy built on honeynets. We evaluated the algorithm on real-world honeynet traces captured in different subnets; the results show that our method generates highly personalized and predictive blacklists for individual networks with a high hit rate and defense rate.
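To make the correlation idea concrete, here is an added illustration that is not the paper's own algorithm: each network contributes the attacker IPs its honeynet captured, the correlation between two networks is approximated by the Jaccard overlap of their attacker sets (an assumption; the paper's exact measure is not given in the abstract), and an attacker the target has not yet seen is scored by the summed correlation of the networks that did see it. A hit-rate check against a constructed "future" trace mirrors the evaluation the abstract describes.

```python
from collections import defaultdict

# Constructed sample data (not from the paper): attacker source IPs that each
# network's honeynet captured during the historic window.
HISTORIC = {
    "netA": {"10.0.0.1", "10.0.0.2", "10.0.0.3"},
    "netB": {"10.0.0.2", "10.0.0.3", "10.0.0.4"},
    "netC": {"10.0.0.3", "10.0.0.5", "10.0.0.6"},
    "netD": {"10.0.0.8", "10.0.0.9"},
}

def relevance(a, b, historic):
    """Correlation between two networks: Jaccard overlap of their historic
    attacker sets. Assumed stand-in for the paper's correlation measure."""
    shared = historic[a] & historic[b]
    union = historic[a] | historic[b]
    return len(shared) / len(union) if union else 0.0

def predictive_blacklist(target, historic, size):
    """Rank attackers the target has NOT seen yet by how strongly the networks
    that did see them correlate with the target. Returns [(ip, score), ...]."""
    scores = defaultdict(float)
    for other, attackers in historic.items():
        if other == target:
            continue
        weight = relevance(target, other, historic)
        if weight == 0.0:
            continue  # an uncorrelated network contributes no prediction
        for ip in attackers - historic[target]:
            scores[ip] += weight
    # Highest score first; ties broken by IP string so output is deterministic.
    ranked = sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))
    return ranked[:size]

def hit_rate(blacklist, future_attackers):
    """Fraction of blacklisted IPs that actually attacked in the evaluation window."""
    if not blacklist:
        return 0.0
    hits = sum(1 for ip, _ in blacklist if ip in future_attackers)
    return hits / len(blacklist)

if __name__ == "__main__":
    # Constructed 'future' trace for netA, used only to evaluate the prediction.
    future_a = {"10.0.0.4", "10.0.0.5", "10.0.0.9"}
    blacklist = predictive_blacklist("netA", HISTORIC, size=3)
    print(blacklist)
    print(hit_rate(blacklist, future_a))
```

A network with no historic overlap with anyone (netD here) receives an empty predictive blacklist, which is the expected behaviour: without correlation there is no basis for prediction.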
