• DocumentCode
    1699715
  • Title

    Honeynet-based collaborative defense using improved highly predictive blacklisting algorithm

  • Author

    Ma, Xiaobo ; Zhu, Jiahong ; Wan, Zhiyu ; Tao, Jing ; Guan, Xiaohong ; Zheng, Qinghua

  • Author_Institution
    MOE KLINNS Lab., Xi'an Jiaotong Univ., Xi'an, China
  • fYear
    2010
  • Firstpage
    1283
  • Lastpage
    1288
  • Abstract
    We present a honeynet-based collaborative defense framework, and an improved highly predictive blacklisting algorithm is developed to generate highly personalized and predictive blacklists for individual networks by correlating historic attackers captured by the honeynet deployed in each network. In this way, different networks can defend against new attackers in a collaborative way, because one network will notify another network, by dint of the honeynet, of the most probable attackers in the near future based on their historic correlation. A relatively proactive defense strategy is realized based on the honeynet in a collaborative way, and we evaluated our algorithm with real-world honeynet traces captured in different subnets. The results show that our method can generate highly personalized and predictive blacklists for individual networks with a high hit rate and defense rate.
  • Keywords
    Internet; computer network security; groupware; historic attackers; honeynet based collaborative defense framework; improved highly predictive blacklisting algorithm; Collaboration; Delay effects; Measurement; Prediction algorithms; Security; Testing; Training; Blacklist; Collaborative Defense; Honeynet; Network Security;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Intelligent Control and Automation (WCICA), 2010 8th World Congress on
  • Conference_Location
    Jinan
  • Print_ISBN
    978-1-4244-6712-9
  • Type

    conf

  • DOI
    10.1109/WCICA.2010.5554909
  • Filename
    5554909