{"title":"利用入侵检测模型增强蜜罐系统","authors":"Yong Tang, Huaping Hu, Xicheng Lu, Jie Wang","doi":"10.1109/IWIA.2006.14","DOIUrl":null,"url":null,"abstract":"Honeypots are highly valued for their detective function. However, suitable detection models use in honeypot system have not been fully explored. We present HonIDS, a honeypot system for detecting malicious hosts and intruders in local network. HonIDS is characterized by its layered structure and is enhanced by two detection models: TFRPP (times, frequency, range, port risk, average payload length) model and Bayes model. The basic idea of these models is that although it is hard to directly judge whether one interaction with the honeypots is an attack or malicious activity, it is possible to identify intruders by analyzing the plentiful and global events of honeypots in a given period of time. The TFRPP model gives the honeypot system the ability to assess different risks, by assigning dubiety scores to the hosts who visited honeypots. The Bayes detection model can detect some main types of attacks by classification. The results of our evaluation experiments indicate that TFRPP model and Bayes model are effective and suitable for honeypot system","PeriodicalId":156960,"journal":{"name":"Fourth IEEE International Workshop on Information Assurance (IWIA'06)","volume":"34 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2006-04-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"14","resultStr":"{\"title\":\"HonIDS: enhancing honeypot system with intrusion detection models\",\"authors\":\"Yong Tang, Huaping Hu, Xicheng Lu, Jie Wang\",\"doi\":\"10.1109/IWIA.2006.14\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Honeypots are highly valued for their detective function. However, suitable detection models use in honeypot system have not been fully explored. We present HonIDS, a honeypot system for detecting malicious hosts and intruders in local network. HonIDS is characterized by its layered structure and is enhanced by two detection models: TFRPP (times, frequency, range, port risk, average payload length) model and Bayes model. The basic idea of these models is that although it is hard to directly judge whether one interaction with the honeypots is an attack or malicious activity, it is possible to identify intruders by analyzing the plentiful and global events of honeypots in a given period of time. The TFRPP model gives the honeypot system the ability to assess different risks, by assigning dubiety scores to the hosts who visited honeypots. The Bayes detection model can detect some main types of attacks by classification. The results of our evaluation experiments indicate that TFRPP model and Bayes model are effective and suitable for honeypot system\",\"PeriodicalId\":156960,\"journal\":{\"name\":\"Fourth IEEE International Workshop on Information Assurance (IWIA'06)\",\"volume\":\"34 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2006-04-13\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"14\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Fourth IEEE International Workshop on Information Assurance (IWIA'06)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/IWIA.2006.14\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Fourth IEEE International Workshop on Information Assurance (IWIA'06)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IWIA.2006.14","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
HonIDS: enhancing honeypot system with intrusion detection models
Honeypots are highly valued for their detective function. However, suitable detection models use in honeypot system have not been fully explored. We present HonIDS, a honeypot system for detecting malicious hosts and intruders in local network. HonIDS is characterized by its layered structure and is enhanced by two detection models: TFRPP (times, frequency, range, port risk, average payload length) model and Bayes model. The basic idea of these models is that although it is hard to directly judge whether one interaction with the honeypots is an attack or malicious activity, it is possible to identify intruders by analyzing the plentiful and global events of honeypots in a given period of time. The TFRPP model gives the honeypot system the ability to assess different risks, by assigning dubiety scores to the hosts who visited honeypots. The Bayes detection model can detect some main types of attacks by classification. The results of our evaluation experiments indicate that TFRPP model and Bayes model are effective and suitable for honeypot system
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
