  • DocumentCode
    1938348
  • Title
    Intrusion detection in Honeynets by compression and hashing
  • Author
    Abbasi, Fahim H. ; Harris, R.J.
  • Author_Institution
    Sch. of Eng. & Adv. Technol. (SEAT), Massey Univ., Palmerston North, New Zealand
  • fYear
    2010
  • fDate
    Oct. 31 2010-Nov. 3 2010
  • Firstpage
    96
  • Lastpage
    101
  • Abstract
    This paper proposes the design of a behaviour-based Intrusion Detection System (IDS), adopting Fuzzy hashing and Normalized Compression Distance (NCD) to determine similarity in behavioural profiles of worms and malware. The system runs in parallel with an existing knowledge or misuse-based system like Snort, but augments the intrusion detection capabilities by revealing malicious behaviour or activities within the Honeynet. The system integrates into a Honeynet, where the network-based events will be trapped by the gateway device, while system-based events will be trapped on the Honeypot(s). Results of prototype network system components are also discussed.
  • Keywords
    cryptography; invasive software; Honeypot; Snort; behaviour-based intrusion detection system design; fuzzy hashing; gateway device; honeynets; malware; misuse-based system; network-based events; normalized compression distance; system-based events; worms; Complexity theory; Databases; Grippers; Intrusion detection; Malware; Payloads; Protocols; intrusion detection system (IDS)
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Telecommunication Networks and Applications Conference (ATNAC), 2010 Australasian
  • Conference_Location
    Auckland
  • Print_ISBN
    978-1-4244-8173-6
  • Electronic_ISBN
    978-1-4244-8171-2
  • Type
    conf
  • DOI
    10.1109/ATNAC.2010.5680264
  • Filename
    5680264