A Honeypot Architecture for Detecting and Analyzing Unknown Network Attacks.

Bibliographic details
Title: A Honeypot Architecture for Detecting and Analyzing Unknown Network Attacks.
Authors: Müller, Paul; Gotzhein, Reinhard; Schmitt, Jens B.; Diebold, Patrick; Hess, Andreas; Schäfer, Günter
Source: Kommunikation in Verteilten Systemen (KiVS); 2005, p245-255, 11p
Subject terms: COMPUTER network security, COMPUTER security, LOCAL area networks, MERCHANT ships, RIVER steamers
Abstract: In this paper, we propose a honeypot architecture for detecting and analyzing unknown network attacks. The main focus of our approach lies in improving the “significance” of recorded events and network traffic that need to be analyzed by a human network security operator in order to identify a new attacking pattern. Our architecture aims to achieve this goal by combining three main components: 1. a packet filter that suppresses all known attacking packets, 2. a proxy host that performs session-individual logging of network traffic, and 3. a honeypot host that executes actual network services to be potentially attacked from the Internet in a carefully supervised environment and that reports back to the proxy host upon the detection of suspicious behavior. Experiences with our first prototype of this concept show that it is relatively easy to specify suspicious behavior and that traffic belonging to an attack can be successfully identified and marked. [ABSTRACT FROM AUTHOR]
Database: Complementary Index
Description
ISBN: 9783540926658
DOI: 10.1007/3-540-27301-8_20