Attack detection in high-speed networks is a hot research topic. While the performance of packet oriented signature-based approaches is questionable, flow-based anomaly detection shows high false positive rates. We tried to combine both techniques. In this paper, we study the applicability of flow-based attack detection. We installed a lab environment consisting of a monitoring infrastructure a...

The increased utilization of the Internet and the larger number of computers connected to it has brought up a significant security problem. Hackers or crackers have attacked computers and need to be detected and neutralized. This study presents a brief description of tools and methods of the honeypot community. A new tool resulting from a shift on the focus of the research allows system adminis...

Neural projection techniques can adaptively map high-dimensional data into a low-dimensional space, for the user-friendly visualization of data collected by different security tools. Such techniques are applied in this study for the visual inspection of honeypot data, which may be seen as a complementary network security tool that sheds light on internal data structures through visual inspectio...

We analyze the increasing threats against IoT devices. We show that Telnet-based attacks that target IoT devices have rocketed since 2014. Based on this observation, we propose an IoT honeypot and sandbox, which attracts and analyzes Telnet-based attacks against various IoT devices running on different CPU architectures such as ARM, MIPS, and PPC. By analyzing the observation results of our hon...

This paper discusses on the development of the Honeyd@WEB. Honeyd@WEB is a system that can deploy low-interaction, production, dynamic and manageable virtual honeypots via a web interface. It runs open source programs, such as P0f (a passive fingerprinting tool) and Honeyd (a low-interaction honeypot). Honeyd@WEB can automatically determine; how many honeypots to deploy, how to deploy them, and...

This research looks at the efficiency of the honeyd honeypot system to reliably deceive intruders. Honeypots are being used as frontline network intelligence and forensic analysis tools. A honeypots ability to reliably deceive intruders is a key factor in gathering reliable and forensically sound data. Honeyd’s primary deceptive mechanism is the use of the NMAP fingerprint database to provide b...

In the contemporary world, network security has been of biggest importance and acute worry in both individual institutional wisdom, concurrent with newly emerging technologies. Firewalls, encryption techniques, intrusion detection systems, honeypots are just a few systems technologies that have developed to ensure information security. Systems for safeguarding an organizational environment thro...

Internet sudah menjadi komoditas utama dalam hal komunikasipada era ini. Dengan seiring perkembangan zaman, serangan yang terjadi di internetpun semakin berkembang. Untuk mencegah sebuah banyak sistem atau program dikembangkan untuk menghalau suatu serangan, salah satu diantaranya yaitu honeypot. Honeypot merupakan aplikasi guna mampu menahan, mendeteksi, serta mencatat masuk kedalam jaringan s...

We propose a system for detecting scanning-worm infected machines in a local network. Infected machines are detected after a few unsuccesful connection attempts, and in cooperation with the border router, their traffic is redirected to a honeypot for worm identification and capture. We discuss the architecture of the system and present a sample implementation based on a Linux router. We discuss...

The advance of 802.11b wireless networking has been beset by inherent and in-built security problems. Network security tools that are freely available may intercept network transmissions readily and with stealth, making organisations highly vulnerable to attack. Deception is an essential element of effective security that has been used in networks to understand attack methods and intrusions. Th...