Improving exposure of intrusion deception system through implementation of hybrid honeypot
Abstract
This paper presents a new hybrid honeypot design to improve the exposure aspect of intrusion deception systems, and in particular of research server honeypots. A major attribute in the design of a server honeypot is its passiveness, which allows the honeypot to expose its services and passively wait to be attacked. Although the passiveness of a server honeypot simplifies the analysis process by classifying traffic as malicious, it also lessens its ability to lure attackers through exposure of vulnerable services. As a result, it captures a smaller amount of data on attacks for analysis. Client honeypot designs, on the other hand, contain modules that actively interact with outside networks, expose vulnerabilities in client-side software, and identify malicious content hosted on webservers. The proposed hybrid system integrates the active module concept of a client honeypot into a server honeypot. The active module interacts with webservers utilising a custom crawler and browser, publicises the honeypot's IP address, and therefore improves exposure of the server honeypot's vulnerable services. The findings presented in this paper show that interaction with webservers improves exposure and results in a significantly higher number of attacks, which in turn increases the probability of discovering new threats. The findings also characterise most attacks as worm-based and directed at Windows-based hosts and services.
Similar resources
Parallel Hybrid Honeypot and IDS Architecture to Detect Network Attacks
In this paper, we have proposed a parallel IDS and honeypot based approach to detect and analyze the unknown and known attack taxonomy for improving the IDS performance and protecting the network from intruders. The main theme of our approach is to record and analyze the intruder activities by using both the low and high interaction honeypots. Our architecture aims to achieve the required goals...
An Autoconfigurated Hybrid Honeypot for Improving Security in Computer Systems
Providing computer system security is one of the important areas of consideration in Information Technology. There is a rapid advancement in this area because no one exactly wants his system to be attacked by an intruder and the data to be compromised. An experienced attacker may get to know the weaknesses of the system and may obtain the sensible data. So it's necessary to give protection again...
Honeymaze: a Hybrid Intrusion Detection System
In this paper we discussed a hybrid intrusion detection system using honey pot. Hybrid honeypot is the combination of low and high interaction honeypots. It helps in detecting intrusion attacking on the system. For this, I have proposed the hybrid model of hybrid honeypot. Low interaction honeypot provide enough interaction to attackers to allow honeypot to detect interesting attacks. It also ...
Improving the Effectiveness of Deceptive Honeynets through an Empirical Learning Approach
Over the last few years, network based intrusions have increased rapidly, due to the increase and popularity of various attack tools easily available today. Due to this increase in intrusions, the concept of network Honeypots are being developed, which can be used to trap and decode the attack methods of the malicious attackers. This paper will review the current state of honeypot technology as...
A Survey on Potential Applications of Honeypot Technology in Intrusion Detection Systems
Information security in the sense of personal and institutional has become a top priority in digitalized modern world in parallel to the new technological developments. Many methods, tools and technologies are used to provide the information security of IT systems. These are considered, encryption, authentication, firewall, and intrusion detection and prevention systems. Moreover, honeypot syst...
Journal title:
- Int. Arab J. Inf. Technol.
Volume 9, Issue
Pages -
Publication date 2012