A Honeypot Architecture for Detecting and Analyzing Unknown Network Attacks
نویسندگان
چکیده
In this paper, we propose a honeypot architecture for detecting and analyzing unknown network attacks. The main focus of our approach lies in improving the “significance” of recorded events and network traffic that need to be analyzed by a human network security operator in order to identify a new attacking pattern. Our architecture aims to achieve this goal by combining three main components: 1. a packet filter that suppresses all known attacking packets, 2. a proxy host that performs session-individual logging of network traffic, and 3. a honeypot host that executes actual network services to be potentially attacked from the Internet in a carefully supervised environment and that reports back to the proxy host upon the detection of suspicious behavior. Experiences with our first prototype of this concept show that it is relatively easy to specify suspicious behavior and that traffic belonging to an attack can be successfully identified and marked.
منابع مشابه
A Dynamic Approach for Honeypot Management
Honeypot is a security device the value of which lies mainly in discovering and inspecting, being attacked and being at risk. Most of the present Honeypots are configured and installed on the network statically. In some cases considerations have been made on dynamic configuration of Honeypots at the time of installation but still no study have been carried out on how to instantaneously change t...
متن کاملParallel Hybrid Honeypot and IDS Architecture to Detect Network Attacks
In this paper, we have proposed a parallel IDS and honeypot based approach to detect and analyze the unknown and known attack taxonomy for improving the IDS performance and protecting the network from intruders. The main theme of our approach is to record and analyze the intruder activities by using both the low and high interaction honeypots. Our architecture aims to achieve the required goals...
متن کاملA Dynamic Approach for Honeypot Management
Honeypot is a security device the value of which lies mainly in discovering and inspecting, being attacked and being at risk. Most of the present Honeypots are configured and installed on the network statically. In some cases considerations have been made on dynamic configuration of Honeypots at the time of installation but still no study have been carried out on how to instantaneously change t...
متن کاملA Review on Honeypot as an Intrusion Detection System for Wireless Network
Honeypots are decoy computer resources set up for the purpose of monitoring and logging the activities of entities that probe, attack or compromise them. Honeypot does work as an Intrusion Detection System which detect the attacker in a network. Activities on honeypots can be considered suspicious by definition, as there is no point for users to interact with these systems. In this paper, we pr...
متن کاملHoneymaze: a Hybrid Intrusion Detection System
In this paper we discussed, a hybrid intrusion detection system using honey pot. Hybrid honeypot is the combination of low and high interaction honeypots. It helps in detecting intrusion attacking on the system. For this, I have proposed the hybrid model of hybrid honeypot. Low interaction honeypot provide enough interaction to attackers to allow honeypot to detect interesting attacks. It also ...
متن کامل