Title :
Multi Layer Cyber Attack Detection through Honeynet
Author :
Bhatia, J.S. ; Sehgal, Rakesh ; Bhushan, Bharat ; Kaur, Harneet
Author_Institution :
CDAC-Mohali
Abstract :
Intrusion detection forms an indispensable component of cyber security. To keep pace with the growing trends of the blackhat community, there is an urgent need to replace single-layer detection technology with multi-layer detection. Our practical experience showed the retrieval of attack evidence from system traces. This paper describes the integration of a host-based intrusion detection system (HIDS) with the already existing network-based detection on the Gen 3 Honeynet architecture. The integration procedure involves the stealth-mode operation of the HIDS sensor, code organization to generate HIDS alerts in a standard format with the requisite network parameters, enhancing the functionality of data fusion to pipeline the HIDS sensor with other data sensors for real-time operation and correlation with established network sessions, and further visualization on a graphical analysis console. The benefits of the new Honeynet architecture have been established. The results, in the form of statistical trend distribution and percentage reduction of Honeynet data, have been presented.
Keywords :
security of data; sensor fusion; statistical distributions; Gen 3 Honeynet architecture; blackhat community; code organization; cyber security; data fusion; graphical analysis console; host-based intrusion detection system; multilayer cyber attack detection; percentage reduction; statistical trend distribution; stealth mode operation; Code standards; Communication system security; Computer security; Data analysis; Data visualization; Fusion power generation; Intrusion detection; Pipelines; Sensor fusion; Standards organizations;
Conference_Title :
New Technologies, Mobility and Security, 2008. NTMS '08.
Conference_Location :
Tangier
Print_ISBN :
978-1-42443547-0
DOI :
10.1109/NTMS.2008.ECP.65