{"title":"校园网服务器保护的基于代理的蜜网框架","authors":"Iksu Kim, M. Kim","doi":"10.1049/iet-ifs.2011.0154","DOIUrl":null,"url":null,"abstract":"Intrusion detection systems (IDSs) and intrusion prevention systems (IPSs) that use signatures cannot protect servers from new types of internet worms. Therefore it is important to collect information about new attacks because the detection rules employed by IDSs and IPSs are formulated using this information. Honeypots are valuable security resources that act as baits for attackers. They can monitor intrusions by being probed, attacked or compromised and can detect zero-day attacks and provide researchers intending to improve security with information about the attacks. However, it is almost impossible to immediately generate detection rules from the information collected by honeypots. This study presents an agent-based honeynet framework for protecting servers in a campus network. In this framework, agents remove malicious processes and executable files on servers infected by zero-day attacks as soon as the honeynet detects them. The proposed framework provides a novel defense mechanism that protects servers from new types of internet worms effectively, without the use of signatures.","PeriodicalId":13305,"journal":{"name":"IET Inf. Secur.","volume":"22 1","pages":"202-211"},"PeriodicalIF":0.0000,"publicationDate":"2012-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"14","resultStr":"{\"title\":\"Agent-based honeynet framework for protecting servers in campus networks\",\"authors\":\"Iksu Kim, M. Kim\",\"doi\":\"10.1049/iet-ifs.2011.0154\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Intrusion detection systems (IDSs) and intrusion prevention systems (IPSs) that use signatures cannot protect servers from new types of internet worms. Therefore it is important to collect information about new attacks because the detection rules employed by IDSs and IPSs are formulated using this information. Honeypots are valuable security resources that act as baits for attackers. They can monitor intrusions by being probed, attacked or compromised and can detect zero-day attacks and provide researchers intending to improve security with information about the attacks. However, it is almost impossible to immediately generate detection rules from the information collected by honeypots. This study presents an agent-based honeynet framework for protecting servers in a campus network. In this framework, agents remove malicious processes and executable files on servers infected by zero-day attacks as soon as the honeynet detects them. The proposed framework provides a novel defense mechanism that protects servers from new types of internet worms effectively, without the use of signatures.\",\"PeriodicalId\":13305,\"journal\":{\"name\":\"IET Inf. Secur.\",\"volume\":\"22 1\",\"pages\":\"202-211\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2012-09-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"14\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"IET Inf. Secur.\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1049/iet-ifs.2011.0154\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IET Inf. Secur.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1049/iet-ifs.2011.0154","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Agent-based honeynet framework for protecting servers in campus networks
Intrusion detection systems (IDSs) and intrusion prevention systems (IPSs) that use signatures cannot protect servers from new types of internet worms. Therefore it is important to collect information about new attacks because the detection rules employed by IDSs and IPSs are formulated using this information. Honeypots are valuable security resources that act as baits for attackers. They can monitor intrusions by being probed, attacked or compromised and can detect zero-day attacks and provide researchers intending to improve security with information about the attacks. However, it is almost impossible to immediately generate detection rules from the information collected by honeypots. This study presents an agent-based honeynet framework for protecting servers in a campus network. In this framework, agents remove malicious processes and executable files on servers infected by zero-day attacks as soon as the honeynet detects them. The proposed framework provides a novel defense mechanism that protects servers from new types of internet worms effectively, without the use of signatures.