Agent-based honeynet framework for protecting servers in campus networks

Iksu Kim, M. Kim
{"title":"Agent-based honeynet framework for protecting servers in campus networks","authors":"Iksu Kim, M. Kim","doi":"10.1049/iet-ifs.2011.0154","DOIUrl":null,"url":null,"abstract":"Intrusion detection systems (IDSs) and intrusion prevention systems (IPSs) that use signatures cannot protect servers from new types of internet worms. Therefore it is important to collect information about new attacks because the detection rules employed by IDSs and IPSs are formulated using this information. Honeypots are valuable security resources that act as baits for attackers. They can monitor intrusions by being probed, attacked or compromised and can detect zero-day attacks and provide researchers intending to improve security with information about the attacks. However, it is almost impossible to immediately generate detection rules from the information collected by honeypots. This study presents an agent-based honeynet framework for protecting servers in a campus network. In this framework, agents remove malicious processes and executable files on servers infected by zero-day attacks as soon as the honeynet detects them. The proposed framework provides a novel defense mechanism that protects servers from new types of internet worms effectively, without the use of signatures.","PeriodicalId":13305,"journal":{"name":"IET Inf. Secur.","volume":"22 1","pages":"202-211"},"PeriodicalIF":0.0000,"publicationDate":"2012-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"14","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IET Inf. Secur.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1049/iet-ifs.2011.0154","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 14

Abstract

Intrusion detection systems (IDSs) and intrusion prevention systems (IPSs) that use signatures cannot protect servers from new types of internet worms. Therefore it is important to collect information about new attacks because the detection rules employed by IDSs and IPSs are formulated using this information. Honeypots are valuable security resources that act as baits for attackers. They can monitor intrusions by being probed, attacked or compromised and can detect zero-day attacks and provide researchers intending to improve security with information about the attacks. However, it is almost impossible to immediately generate detection rules from the information collected by honeypots. This study presents an agent-based honeynet framework for protecting servers in a campus network. In this framework, agents remove malicious processes and executable files on servers infected by zero-day attacks as soon as the honeynet detects them. The proposed framework provides a novel defense mechanism that protects servers from new types of internet worms effectively, without the use of signatures.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
校园网服务器保护的基于代理的蜜网框架
使用签名的入侵检测系统和入侵防御系统无法保护服务器免受新型网络蠕虫的攻击。因此,收集新的攻击信息非常重要,因为ddos和ips的检测规则就是根据这些信息制定的。蜜罐是有价值的安全资源,可以作为攻击者的诱饵。它们可以通过被探测、被攻击或被破坏来监控入侵,还可以检测到零日攻击,并向打算提高安全性的研究人员提供有关攻击的信息。然而,从蜜罐收集的信息中立即生成检测规则几乎是不可能的。本研究提出了一个基于代理的蜜网框架,用于保护校园网中的服务器。在这个框架中,一旦蜜网检测到被零日攻击感染的服务器上的恶意进程和可执行文件,代理就会删除它们。提出的框架提供了一种新的防御机制,可以有效地保护服务器免受新型互联网蠕虫的攻击,而无需使用签名。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
自引率
0.00%
发文量
0
期刊最新文献
Revisit Two Memoryless State-Recovery Cryptanalysis Methods on A5/1 Improved Lattice-Based Mix-Nets for Electronic Voting Adaptive and survivable trust management for Internet of Things systems Comment on 'Targeted Ciphers for Format-Preserving Encryption' from Selected Areas in Cryptography 2018 Time-specific encrypted range query with minimum leakage disclosure
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1