Parallel Hybrid Honeypot and IDS Architecture to Detect Network Attacks
Authors: Hafiz Gulfam Ahmad, Chuangdong Li, Zeeshan Ahmad
Abstract:
In this paper, we propose a parallel IDS and honeypot based approach to detect and analyze the taxonomy of known and unknown attacks, in order to improve IDS performance and protect the network from intruders. The main theme of our approach is to record and analyze intruder activities using both low- and high-interaction honeypots. Our architecture aims to achieve these goals by combining a signature-based IDS with honeypots and generating new signatures. The paper describes the basic components, design and implementation of this approach, and demonstrates its effectiveness in reducing the probability of network attacks.
Keywords: Network security, Intrusion detection, Honeypot, Snort, Nmap.
Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1097150