DocumentCode
3071422
Title
A case study on host based data analysis & cyber criminal profiling in Honeynets
Author
Bhatia, J.S. ; Sehgal, Rakesh ; Bhushan, Bharat ; Kaur, Hameet
Author_Institution
CDAC-Mohali, Mohali
fYear
2009
fDate
5-10 Jan. 2009
Firstpage
1
Lastpage
2
Abstract
The single detection component of a Honeynet, i.e. Snort, is not sufficient to reasonably classify the total Honeynet malicious domain. The critical issue is the realization of detection layers for enhanced analysis of cyber threats. This paper presents the significance of, and the results obtained from, integrating a host layer in the form of an open source HIDS (Host-based Intrusion Detection System) with the already existing network layer, i.e. Snort, in the Gen 3 Honeynet architecture. The investigation is further carried out to extract intelligence from the enhanced Honeynet system. The resultant Honeynet system enables forensic profiling of the cyber criminal through the retrieval of critical parameters from the Honeynet database. The various attributes for profile generation have been clearly indicated in terms of the Honeynet database key fields to establish a characteristic model of the attacker.
Keywords
computer crime; data analysis; Gen 3 Honeynet architecture; Honeynet database; Honeynet malicious domain; Snort intrusion detection system; cyber criminal profiling; cyber threat analysis; host-based data analysis; open source HIDS; Assembly; Availability; Character generation; Computer aided software engineering; Data analysis; Deductive databases; Forensics; Information retrieval; Intrusion detection; Visualization;
fLanguage
English
Publisher
ieee
Conference_Titel
Communication Systems and Networks and Workshops, 2009. COMSNETS 2009. First International
Conference_Location
Bangalore
Print_ISBN
978-1-4244-2912-7
Electronic_ISBN
978-1-4244-2913-4
Type
conf
DOI
10.1109/COMSNETS.2009.4808902
Filename
4808902