Title :
Honeynet-based collaborative defense using improved highly predictive blacklisting algorithm
Author :
Ma, Xiaobo ; Zhu, Jiahong ; Wan, Zhiyu ; Tao, Jing ; Guan, Xiaohong ; Zheng, Qinghua
Author_Institution :
MOE KLINNS Lab., Xi´´an Jiaotong Univ., Xi´´an, China
Abstract :
We present a honeynet-based collaborative defense framework and an improved highly predictive blacklisting algorithm is developed to generate highly personalized and predictive blacklists for individual networks by correlating historic attackers captured by honeynet deployed in each network. In this way, different networks can defend new attackers in a collaborative way because one network will notify another network, by dint of honeynet, of the most probable attackers in the near future based on their historic correlation. A relatively proactive defense strategy is realized based on honeynet in a collaborative way and we evaluated our algorithm with real-world honeynet traces captured in different subnets. The results show our method can generate highly personalized and predictive blacklists for individual networks with a high hit rate and defense rate.
Keywords :
Internet; computer network security; groupware; historic attackers; honeynet based collaborative defense framework; improved highly predictive blacklisting algorithm; Collaboration; Delay effects; Measurement; Prediction algorithms; Security; Testing; Training; Blacklist; Collaborative Defense; Honeynet; Network Security;
Conference_Titel :
Intelligent Control and Automation (WCICA), 2010 8th World Congress on
Conference_Location :
Jinan
Print_ISBN :
978-1-4244-6712-9
DOI :
10.1109/WCICA.2010.5554909
