{"title":"Multi Layer Cyber Attack Detection through Honeynet","authors":"J. S. Bhatia, R. Sehgal, B. Bhushan, Harneet Kaur","doi":"10.1109/NTMS.2008.ECP.65","DOIUrl":null,"url":null,"PeriodicalId":432307,"journal":{"name":"2008 New Technologies, Mobility and Security","volume":"30 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-11-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"14","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2008 New Technologies, Mobility and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/NTMS.2008.ECP.65","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Multi Layer Cyber Attack Detection through Honeynet
Intrusion detection forms an indispensable component of cyber security. To keep pace with the growing trends of the blackhat community, there is an urgent need to replace single-layer detection technology with multi-layer detection. Our practical experiences depicted the retrieval of attack evidence from system traces. This paper signifies the integration of a host-based intrusion detection system (HIDS) with the already existing network-based detection on the Gen 3 Honeynet architecture. The integration procedure involves the stealth-mode operation of the HIDS sensor, code organization to generate HIDS alerts in a standard format with requisite network parameters, enhancing the functionality of data fusion to pipeline the HIDS sensor with other data sensors for real-time operation and correlation with established network sessions, and further visualization on a graphical analysis console. The benefits of the new Honeynet architecture have been established. The results, in the form of statistical trend distribution and percentage reduction of Honeynet data, have been presented.