All

What are you looking for?

All
Projects
Results
Organizations

Quick search

  • Projects supported by TA ČR
  • Excellent projects
  • Projects with the highest public support
  • Current projects

Smart search

  • That is how I find a specific +word
  • That is how I leave the -word out of the results
  • “That is how I can find the whole phrase”
EN
ČeštinaEnglish

Flow-based Monitoring of Honeypots

The result's identifiers

  • Result code in IS VaVaI

    <a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14610%2F13%3A00065721" target="_blank" >RIV/00216224:14610/13:00065721 - isvavai.cz</a>

  • Result on the web

  • DOI - Digital Object Identifier

Alternative languages

  • Result language

    angličtina

  • Original language name

    Flow-based Monitoring of Honeypots

  • Original language description

    Honeypots are known as an effective tools for discovering new attacks and for observing activity of the attackers. However, they are often seen as a research-oriented tools for security professionals that require constant supervision. We have created anincident detection system based on a combination of honeypots and flow-based monitoring that takes the best of both without additional complexity. In this paper we present deployment of both low-interaction and high-interaction honeypots and their monitoring based on network flows. We show how honeypots can be used as an automatic detection tool in the production network. We present a plug-in called honeyscan for widely-used NetFlow collector NfSen that was developed to monitor and evaluate network activity of the honeypot and to report security incidents. This plug-in processes traffic destined to honeypots, stores credentials from authentication attempts, and observes attacker's activity in the protected network.

  • Czech name

  • Czech description

Classification

  • Type

    D - Article in proceedings

  • CEP classification

    IN - Informatics

  • OECD FORD branch

Result continuities

  • Project

    <a href="/en/project/VG20132015103" target="_blank" >VG20132015103: Cybernetic Proving Ground</a><br>

  • Continuities

    P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)

Others

  • Publication year

    2013

  • Confidentiality

    S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Data specific for result type

  • Article name in the collection

    Security and Protection of Information 2013

  • ISBN

    9788072319220

  • ISSN

  • e-ISSN

  • Number of pages

    8

  • Pages from-to

    63-70

  • Publisher name

    Univerzita obrany

  • Place of publication

    Brno

  • Event location

    Brno

  • Event date

    May 22, 2013

  • Type of event by nationality

    WRD - Celosvětová akce

  • UT code for WoS article

Similar results(10)

POSTER: Dragging Attackers to Honeypots for Effective Analysis of Cybernetic ThreatsTrustPort THREAT INTELLIGENCEDefinition of Attack in Context of High Level Interaction Honeypots