Flow-based Monitoring of Honeypots
Result identifiers
Result code in IS VaVaI
<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14610%2F13%3A00065721" target="_blank" >RIV/00216224:14610/13:00065721 - isvavai.cz</a>
Result on the web
—
DOI - Digital Object Identifier
—
Alternative languages
Result language
English
Title in the original language
Flow-based Monitoring of Honeypots
Result description in the original language
Honeypots are known as effective tools for discovering new attacks and for observing activity of the attackers. However, they are often seen as research-oriented tools for security professionals that require constant supervision. We have created an incident detection system based on a combination of honeypots and flow-based monitoring that takes the best of both without additional complexity. In this paper we present deployment of both low-interaction and high-interaction honeypots and their monitoring based on network flows. We show how honeypots can be used as an automatic detection tool in the production network. We present a plug-in called honeyscan for the widely-used NetFlow collector NfSen that was developed to monitor and evaluate network activity of the honeypot and to report security incidents. This plug-in processes traffic destined to honeypots, stores credentials from authentication attempts, and observes attacker's activity in the protected network.
Classification
Type
D - Article in proceedings
CEP field
IN - Informatics
OECD FORD field
—
Result linkages
Project
<a href="/cs/project/VG20132015103" target="_blank" >VG20132015103: Kybernetický polygon</a><br>
Linkages
P - Research and development project financed from public funds (with a link to CEP)
Other
Year of publication
2013
Data confidentiality code
S - Complete and true data on the project are not subject to protection under special legal regulations
Data specific to the result type
Title of the article in the proceedings
Security and Protection of Information 2013
ISBN
9788072319220
ISSN
—
e-ISSN
—
Number of pages
8
Pages from-to
63-70
Publisher name
Univerzita obrany
Place of publication
Brno
Event location
Brno
Event date
22. 5. 2013
Event type by nationality
WRD - Worldwide event
UT WoS code of the article
—