Acta Informatica Pragensia 2013, 2(1), 39-56 | DOI: 10.18267/j.aip.123170
Influence of a Sophisticated Hybrid Honeypot on the Efficiency of Intrusion Detection System Architecture in Distributed Computer Systems
- 1 Department of Computers and Informatics, Faculty of Electrical Engineering and Informatics, Technical University of Košice, Letná 9, 04001 Košice, Slovak Republic
- 2 Institute of Computer Technology, Technical University of Košice, Boženy Němcovej 3, 04001 Košice, Slovak Republic
With the current development of technology and the rapid growth of computer networks and distributed systems, the risk of attack is becoming ever more likely. A number of solutions have already been developed and implemented to detect and/or prevent attacks and so improve system security. The most common solution is an Intrusion Detection System (IDS) used in cooperation with a firewall. However, neither the IDS nor the firewall can respond in real time to a specific type of attack. This paper deals with a detection mechanism based on Honeypot technology and its use in the proposed architecture to improve the security of computer systems. The essence of the work is to show how a sophisticated hybrid Honeypot can influence the design of the IDS architecture and thus increase its efficiency.
Keywords: Intrusion Detection System (IDS), Honeypot, Malicious code, Security
Received: March 31, 2013; Revised: May 27, 2013; Accepted: June 15, 2013; Published: June 29, 2013
This is an open access article distributed under the terms of the Creative Commons Attribution 4.0 International License (CC BY 4.0), which permits use, distribution, and reproduction in any medium, provided the original publication is properly cited. No use, distribution or reproduction is permitted which does not comply with these terms.