Honeyboost: Boosting honeypot performance with data fusion and anomaly detection
Authors
Abstract
With insider attacks becoming more common and costing organizations every year, it has never been more crucial to be able to predict when an attack may happen. Network Anomaly Detection Systems (NADS) have the ability to identify unusual behavior, making them useful in predicting cyberattacks, but they often suffer from high false positive rates. Honeypots used in conjunction with NADS can help with learning behaviors and enable better prediction. However, both honeypots and legacy NADS are generally deployed at the gateway of a network.
Similar resources
Distributed Anomaly Detection Using Satellite Data Fusion
There has been a tremendous increase in the volume of Earth science data over the last decade from modern satellites, in-situ sensors and different climate models. All these datasets need to be co-analyzed to find interesting patterns or to search for extremes or outliers. Information extraction from such rich data sources using advanced data mining methodologies is a challenging task not only ...
Anomaly and Event Detection for Unsupervised Athlete Performance Data
There are many projects today where data is collected automatically to provide input for various data mining algorithms. A problem with freshly generated datasets is their unsupervised nature, leading to difficulty in fitting predictive algorithms without substantial manual effort. One of the first steps in dataset preparation and mining is anomaly detection, where clear anomalies and outliers ...
Anomaly detection for Building Service Components using performance data
The efficient operation of building systems is important for energy efficiency, comfort and safety. Determining when maintenance is required or when a fault has occurred is the focus of this work. We show how to use available performance data in a methodology for improved maintenance scheduling through anomaly detection. We apply two statistical prognostic techniques – Particle Filters and Gaussian...
Effective Anomaly Detection with Scarce Training Data
Learning-based anomaly detection has proven to be an effective black-box technique for detecting unknown attacks. However, the effectiveness of this technique crucially depends upon both the quality and the completeness of the training data. Unfortunately, in most cases, the traffic to the system (e.g., a web application or daemon process) protected by an anomaly detector is not uniformly distr...
Network Anomaly Detection with Incomplete Audit Data
With the ever increasing deployment and usage of gigabit networks, traditional network anomaly detection based Intrusion Detection Systems (IDS) have not scaled accordingly. Most, if not all, intrusion detection systems (IDS) assume the availability of complete and clean audit data. We contend that this assumption is not valid. Factors like noise, mobility of the nodes and the large amount of n...
Journal
Journal title: Expert Systems With Applications
Year: 2022
ISSN: ['1873-6793', '0957-4174']
DOI: https://doi.org/10.1016/j.eswa.2022.117073