Advanced Attack Detection and Prevention Systems by Using Botnet
Published in Monika Mangla, Ashok Kumar, Vaishali Mehta, Megha Bhushan, Sachi Nandan Mohanty, Real-Life Applications of the Internet of Things, 2022
Anjanna Matta, Altaf Ahmad, Shantanu Bhattacharya, Shubham Kumar
Turning our focus now to the defensive side of computer security, defenders need to continuously find innovative ways of countering threats, and one way is to deploy honeypots on top of standard security mechanisms [4]. A ‘honeypot’ is a “trap” network that appears to hold important information and that hackers can gain access to somewhat easily; it is a fake network. Honeypots are used for malware collection and as database, spam, and client honeypots. The main purpose of a honeypot is to gather information about the attacker and the attack methods. As more people use honeypots for monitoring, botnets will sooner try to detect them in order to avoid honeypot traps. Honeypots never try to replace traditional security mechanisms, but add another layer of security. Botnets generally involve computers from several countries, which makes tracking more difficult, so close co-operation between ISPs and private companies is essential.
Reconnaissance
Published in Nicholas Kolokotronis, Stavros Shiaeles, Cyber-Security Threats, Actors, and Dynamic Mitigation, 2021
Christos-Minas Mathas, Costas Vassilakis
Honeypots are systems that are set up to appear as exposed and vulnerable targets in a network in order to attract attackers to compromise them. Typically, they are not advertised as offering any useful service; therefore, probes or other communications targeted at a honeypot indicate a reconnaissance or an attack attempt with high probability, since no legitimate user has any interest in communicating with the honeypot. A properly configured honeypot may be compromised by an attacker; however, even in this case it cannot be utilized by the attacker in any way, e.g. to gain elevated access to further targets. Honeypots monitor and log any network traffic destined for them, and any actions that are taken at post-exploitation time. The verbosity of the logging process depends on the configuration and purpose of the honeypot. They are used to detect and prevent attacks, while some are used for information gathering and research purposes [56].
Honeypots
Published in Mohssen Mohammed, Al-Sakib Khan Pathan, Automatic Defense Against Zero-day Polymorphic Worms in Communication Networks, 2016
Mohssen Mohammed, Al-Sakib Khan Pathan
We now ask a series of questions to give explanations about a honeypot’s definition. First, why do we need to make a honeypot? The answers are as follows: A honeypot collects information about who is trying to compromise our system. How? The honeypot has tools that can keep traces of the sources and destinations. A honeypot can provide us with information about which tools and tactics have been used by the attacker to compromise our system. Such information can be found in the techniques that have been used inside a honeypot, such as firewall logs, intrusion detection systems (IDSs), and system logs. By obtaining this information, we can avoid such attacks in the future. How? We improve our system against these known attacks. This point (i.e., collecting information about tools and tactics) is considered the most important goal of a honeypot, because anyone would like to make a system as complex as possible so that it becomes more difficult for attackers to compromise it. By using a honeypot, we can capture zero-day attacks (unknown attacks). We should mention that most honeypot users are researchers, because the honeypot provides them with extensive information about various attacks and their patterns. There are other people as well who make honeypots for other goals, like finding a solution for an attack in a company, simply as a test, for a demonstration of the concept, and so on.
Abnormal network packets identification using header information collected from Honeywall architecture
Published in Journal of Information and Telecommunication, 2023
Kha Van Nguyen, Hai Thanh Nguyen, Thang Quyet Le, Quang Nhat Minh Truong
We have deployed a data collection model based on the Gen II Honeynet architecture (proposed by Provos and Holz (2007)), with a design as exhibited in Figure 2 including three components. Honeypots are designed to attract attackers by running older operating systems, frameworks, and libraries with known vulnerabilities. Moreover, the Honeypot is an effective tool to monitor and save traces of attacks, helping scientists and network administrators find the system's security holes. Honeywall is a transparent gateway for highly interactive Honeypots in the Honeynet and is undetectable by an attacker. Honeywall performs logging and control of access to and from the Honeypots using Snort. Snort is an open-source network intrusion detection system capable of performing real-time network traffic analysis and network packet logging over Internet protocols. In addition, it can perform protocol analysis, aggregation, or content search. Moreover, it can detect many types of attacks and probes, such as Buffer Overflow, Stealth Port Scan, CGI Attack, SMB Probe, OS Fingerprinting Attempts, etc. The Management component connects to Honeywall over SSH to retrieve analytical data; the SSH connection also keeps remote Honeywall access secure.
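As an added illustration (not code from either of the excerpts above) of two points made in the Reconnaissance excerpt and in this Honeywall description: any connection to a honeypot other than management access is a high-confidence alert, and a honeypot must never become a launch point, so its egress is alerted on as well. The addresses, the flow-log format and the sample flows are all constructed assumptions.

```python
import re
from ipaddress import ip_address, ip_network

# Assumed, constructed addressing (not from the chapters above): honeypots sit in
# 10.0.9.0/24; the management host that pulls logs over SSH is 10.0.1.5.
HONEYPOT_NET = ip_network("10.0.9.0/24")
MANAGEMENT_HOSTS = {ip_address("10.0.1.5")}

# Constructed flow-log line format: "<ts> <src>:<sport> -> <dst>:<dport> <proto>"
FLOW_RE = re.compile(r"^(\S+) ([\d.]+):\d+ -> ([\d.]+):(\d+) (\w+)$")

def classify_flow(line):
    """Return (ts, kind, src, dst, dport) for a flow touching a honeypot, else None.

    kind == "probe":  inbound to a honeypot. No legitimate user talks to it, so this
                      is recon/attack with high confidence (management SSH excepted).
    kind == "egress": a honeypot initiating traffic to anything but management. A
                      compromised honeypot must not become a stepping stone, so the
                      Honeywall's data-control layer should block and log this.
    """
    m = FLOW_RE.match(line.strip())
    if not m:
        return None            # malformed line: skip rather than abort the batch
    ts, src, dst, dport, _proto = m.groups()
    src, dst, dport = ip_address(src), ip_address(dst), int(dport)
    if dst in HONEYPOT_NET and not (src in MANAGEMENT_HOSTS and dport == 22):
        return (ts, "probe", str(src), str(dst), dport)
    if src in HONEYPOT_NET and dst not in MANAGEMENT_HOSTS:
        return (ts, "egress", str(src), str(dst), dport)
    return None

def scan_flows(lines):
    """Run every line through classify_flow and keep the alerts, in order."""
    return [a for a in map(classify_flow, lines) if a is not None]

# Constructed sample flows, not real traffic.
SAMPLE_FLOWS = [
    "2024-05-01T10:00:01Z 203.0.113.7:51234 -> 10.0.9.10:445 tcp",  # SMB probe
    "2024-05-01T10:00:02Z 10.0.1.5:40001 -> 10.0.9.10:22 tcp",      # management SSH
    "2024-05-01T10:00:03Z 10.0.1.5:40002 -> 10.0.2.20:443 tcp",     # ordinary traffic
    "2024-05-01T10:00:04Z 10.0.9.10:33000 -> 10.0.2.20:445 tcp",    # honeypot pivoting
    "not a flow record",
]

if __name__ == "__main__":
    for alert in scan_flows(SAMPLE_FLOWS):
        print(alert)
```

Only the inbound SMB probe and the honeypot's own outbound connection produce alerts; the management SSH session and ordinary internal traffic are ignored.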
Insider Intrusion Detection Techniques: A State-of-the-Art Review
Published in Journal of Computer Information Systems, 2023
Traitors are a special type of insider who misuse their legitimate credentials to perform unauthorized activities. Here, activity profile-based detection may yield a large number of false positives and false negatives. As anomaly-based detection cannot be used effectively, new techniques have evolved, such as honeypots, honeynets and honey tokens. Honeypots are systems that attract malicious insiders and encourage them to interact as they would with a real system, and they can reduce the false negatives and false positives of anomaly-based detection. Decoy documents are a variation of this trapping mechanism that creates confusion for insiders and detects traitors [58–60], and log deletion-based detection [61] is also used to trap malicious employees.