Path: Top -> Journal -> Jurnal Internasional -> Journal -> Computer
Improving Exposure of Intrusion Deception System through Implementation of Hybrid Honeypot
Improving Exposure of Intrusion Deception System through Implementation of Hybrid Honeypot
2010Journal from gdlhub / 2017-08-14 11:52:32
Oleh : Masood Mansoori, Omar Zakaria, and Abdullah Gani, IAJIT
Dibuat : 2012-06-23, dengan 1 file
Keyword : IDS, server honeypot, client honeypot, and hybrid honeypot.
Subjek : Improving Exposure of Intrusion Deception System through Implementation of Hybrid Honeypot
Url : http://www.ccis2k.org/iajit/PDF/vol.9,no.5/2937-5.pdf
This paper presents a new design hybrid honeypot to improve the exposure aspect of intrusion deception systems
and in particular, research server honeypots. A major attribute in the design of a server honeypot is its passiveness, which
allows the honeypot to expose its services and passively wait to be attacked. Although passiveness of a server honeypot
simplifies the analysis process by classifying traffics as malicious, however it also lessens its ability to lure attackers through
exposure of vulnerable service. As a result it captures smaller amount of data on attacks for analysis. Client honeypot designs,
on the other hand, contain modules that actively interact with outside networks, expose vulnerabilities in client side software,
and identify malicious content, hosted on webservers. The proposed hybrid system integrates active module concept of a client
honeypot into a server honeypot. The active module interacts with webservers utilising a custom crawler and browser,
publicises the honeypots IP address and therefore improves exposure of server honeypot's vulnerable services. The findings
presented in this paper show that interaction with webservers improves exposure, and results in significantly higher number of
attacks, which in turn, increases the probability of discovering new threats. The findings also characterise most attacks to be
worm based and directed at Windows based hosts and services.
This paper presents a new design hybrid honeypot to improve the exposure aspect of intrusion deception systems
and in particular, research server honeypots. A major attribute in the design of a server honeypot is its passiveness, which
allows the honeypot to expose its services and passively wait to be attacked. Although passiveness of a server honeypot
simplifies the analysis process by classifying traffics as malicious, however it also lessens its ability to lure attackers through
exposure of vulnerable service. As a result it captures smaller amount of data on attacks for analysis. Client honeypot designs,
on the other hand, contain modules that actively interact with outside networks, expose vulnerabilities in client side software,
and identify malicious content, hosted on webservers. The proposed hybrid system integrates active module concept of a client
honeypot into a server honeypot. The active module interacts with webservers utilising a custom crawler and browser,
publicises the honeypots IP address and therefore improves exposure of server honeypot's vulnerable services. The findings
presented in this paper show that interaction with webservers improves exposure, and results in significantly higher number of
attacks, which in turn, increases the probability of discovering new threats. The findings also characterise most attacks to be
worm based and directed at Windows based hosts and services.
Beri Komentar ?#(0) | Bookmark
| Properti | Nilai Properti |
|---|---|
| ID Publisher | gdlhub |
| Organisasi | IAJIT |
| Nama Kontak | Herti Yani, S.Kom |
| Alamat | Jln. Jenderal Sudirman |
| Kota | Jambi |
| Daerah | Jambi |
| Negara | Indonesia |
| Telepon | 0741-35095 |
| Fax | 0741-35093 |
| E-mail Administrator | elibrarystikom@gmail.com |
| E-mail CKO | elibrarystikom@gmail.com |
Print ...
Kontributor...
- , Editor: fachruddin
Download...
Download hanya untuk member.
23
File : 23.50.PDF
(601891 bytes)