Parallel Hybrid Honeypot and IDS Architecture to Detect Network Attacks

In this paper, we propose a parallel IDS and honeypot-based
approach to detect and analyze the taxonomy of unknown and known
attacks, in order to improve IDS performance and protect the
network from intruders. The main theme of our approach is to record
and analyze intruder activities using both low- and
high-interaction honeypots. Our architecture aims to achieve these
goals by combining a signature-based IDS with honeypots and
generating new signatures. The paper describes the basic
components, design and implementation of this approach and also
demonstrates its effectiveness in reducing the probability of
network attacks.




