Expert system assessing threat level of attacks on a hybrid SSH honeynet

The result's identifiers

  • Result code in IS VaVaI

    RIV/61988987:17310/20:A21024I6 - isvavai.cz (https://www.isvavai.cz/riv?ss=detail&h=RIV%2F61988987%3A17310%2F20%3AA21024I6)

  • Result on the web

    https://www.sciencedirect.com/science/article/pii/S0167404820300699

  • DOI - Digital Object Identifier

    10.1016/j.cose.2020.101784 (http://dx.doi.org/10.1016/j.cose.2020.101784)

Alternative languages

  • Result language

    English

  • Original language name

    Expert system assessing threat level of attacks on a hybrid SSH honeynet

  • Original language description

    Currently, many systems connected to the internet are exposed to hundreds of mostly automated network attacks on a daily basis. These are mostly very simple attacks originating from botnets. However, sophisticated attacks conducted both by automated systems and directly by humans are becoming more common. In order to develop adequate countermeasures, the behaviour of attackers has to be analysed effectively. Honeypots, a sort of lure for attacks, are used for that purpose. The configuration of honeypots varies depending on the type of attacks they focus on attracting. For simple, analogous attacks that sequentially repeat predefined commands, medium interaction honeypots are sufficient, while more sophisticated attacks require the use of high interactive honeypots. An essential part of the analysis is to differentiate between these types of attacks to make the overall analysis efficient, in terms of efficient use of hardware resources, and effective by providing the attacker with an appropriately emulated environment. This article first analyses the current situation followed by presenting a solution in the form of a system made up of a hybrid honeynet and an expert system. For now, it focuses only on the SSH protocol, as it is widely used for remote system access and is a popular target of attacks. The system has been tested on real data collected over a one-year period. The article also deals with making redirecting SSH connections as transparent as possible.

  • Czech name

  • Czech description

Classification

  • Type

    J<sub>imp</sub> - Article in a specialist periodical, which is included in the Web of Science database

  • CEP classification

  • OECD FORD branch

    10200 - Computer and information sciences

Result continuities

  • Project

  • Continuities

    S - Specific research at universities

Others

  • Publication year

    2020

  • Confidentiality

    S - Complete and truthful data on the project are not subject to protection under special legal regulations

Data specific for result type

  • Name of the periodical

    Computers & Security

  • ISSN

    0167-4048

  • e-ISSN

  • Volume of the periodical

    92

  • Issue of the periodical within the volume

    May 2020

  • Country of publishing house

    GB - UNITED KINGDOM

  • Number of pages

    19

  • Pages from-to

    101784

  • UT code for WoS article

    000526984900032

  • EID of the result in the Scopus database

    2-s2.0-85081547742