Alata et al., 2006 - Google Patents
Lessons learned from the deployment of a high-interaction honeypot
- Document ID
- 7018052115765545484
- Author
- Alata E
- Nicomette V
- Kaâniche M
- Dacier M
- Herrb M
- Publication year
- Publication venue
- 2006 Sixth European Dependable Computing Conference
Snippet
This paper presents an experimental study and the lessons learned from the observation of the attackers when logged on a compromised machine. The results are based on a six months period during which a controlled experiment has been run with a high interaction …
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1491—Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
Similar Documents
Publication | Title | Publication Date |
---|---|---|
Alata et al. | Lessons learned from the deployment of a high-interaction honeypot | |
Kendall | A database of computer attacks for the evaluation of intrusion detection systems | |
EP2149087B1 (en) | System and method for analyzing unauthorized intrusion into a computer network | |
Nicomette et al. | Set-up and deployment of a high-interaction honeypot: experiment and lessons learned | |
US8656493B2 (en) | Decoy network technology with automatic signature generation for intrusion detection and intrusion prevention systems | |
Joshi et al. | Honeypots: a new paradigm to information security | |
McGrew | Experiences with honeypot systems: Development, deployment, and analysis | |
CN104468632A (en) | Loophole attack prevention method, device and system | |
Kheirkhah et al. | An experimental study of ssh attacks by using honeypot decoys | |
Rezaeirad et al. | Schrödinger’s RAT: Profiling the stakeholders in the remote access trojan ecosystem | |
Martin et al. | Raspberry Pi Malware: An analysis of cyberattacks towards IoT devices | |
Yamada et al. | RAT-based malicious activities detection on enterprise internal networks | |
Masarweh et al. | Threat led advanced persistent threat penetration test | |
Aliyev | Using honeypots to study skill level of attackers based on the exploited vulnerabilities in the network | |
Nazario | Botnet tracking: Tools, techniques, and lessons learned | |
Karie et al. | Cybersecurity incident response in the enterprise | |
Colombini et al. | Cyber threats monitoring: Experimental analysis of malware behavior in cyberspace | |
Meier | Hardening Windows-based honeypots to protect collected data | |
Gallopeni et al. | Botnet command-and-control traffic analysis | |
Bari | Protecting an enterprise network through the deployment of honey pot | |
Berthier et al. | Analyzing the process of installing rogue software | |
Chou | Labs and Three-Stage Learning Process Used in a Cyber Security Learning System | |
Zhai et al. | Research on applications of honeypot in Campus Network security | |
Boby | Tracing intruders using web application honeypot with metasploit contents | |
Jayakrishnan et al. | Attack Patterns on IoT devices using Honey Net Cloud |