Scholarworks Repository

A hybrid honeypot framework for improving intrusion detection systems in protecting organizational networks


dc.contributor.author Artail H.
dc.contributor.author Safa H.
dc.contributor.author Sraj M.
dc.contributor.author Kuwatly I.
dc.contributor.author Al-Masri Z.
dc.date 2006
dc.date.accessioned 2017-10-04T11:07:33Z
dc.date.available 2017-10-04T11:07:33Z
dc.date.issued 2006
dc.identifier 10.1016/j.cose.2006.02.009
dc.identifier.issn 01674048
dc.identifier.uri http://hdl.handle.net/10938/14698
dc.description.abstract This paper proposes a hybrid and adaptable honeypot-based approach that improves currently deployed IDSs for protecting networks from intruders. The main idea is to deploy low-interaction honeypots that emulate services and operating systems and have them redirect malicious traffic to high-interaction honeypots, where intruders engage with real services. This setup permits recording and analyzing the intruder's activities and using the results to take administrative actions toward protecting the network. The paper describes the basic components, design, operation, implementation and deployment of the proposed approach, and presents several performance and load testing scenarios. Implementation, performance and load testing show the adaptability of the proposed approach and its effectiveness in reducing the probability of attacks on production computers. © 2006 Elsevier Ltd. All rights reserved.
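The control flow the abstract describes, shown as an added Python example that is not the authors' implementation (the keyword list indicates their deployment was built around Snort): a low-interaction tier answers with canned service banners, hands sessions that show attack indicators or hit unemulated ports to a high-interaction tier, records every session, and turns repeat offenders into firewall block rules. The service banners, indicator byte strings, the hand-off threshold, the `iptables` rule shape and the RFC 5737 sample addresses are all constructed assumptions for this illustration.

```python
"""Two-tier (hybrid) honeypot front end.

Added illustration of the flow described in the abstract; not the authors'
implementation (their keyword list shows the deployment used Snort). Service
banners, indicator strings, the hand-off threshold and the RFC 5737 sample
addresses are constructed assumptions for this example.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Session:
    src: str        # attacker source address
    dst_port: int   # port the attacker connected to
    payload: bytes  # first bytes the attacker sent


@dataclass(frozen=True)
class Record:
    src: str
    dst_port: int
    tier: str       # "low" (emulated service) or "high" (real service)
    payload: bytes


# Low-interaction tier: canned banners for the services we emulate (assumed).
BANNERS: Dict[int, bytes] = {
    21: b"220 ftp ready\r\n",
    22: b"SSH-2.0-OpenSSH_4.3\r\n",
    80: b"HTTP/1.1 200 OK\r\nServer: Apache\r\n\r\n",
}

# Byte patterns that justify handing a session to the high-interaction tier
# (assumed indicators, kept short for illustration).
SUSPICIOUS_MARKERS: List[bytes] = [
    b"../", b"/etc/passwd", b"cmd.exe", b"USER root", b"\x90\x90\x90\x90",
]


def high_interaction_response(s: Session) -> bytes:
    """Stand-in for the hand-off to a real service on the high-interaction
    honeypot. In a deployment this is a forwarded/NATed connection; here we
    only tag the response so the caller can see which tier answered."""
    return b"[high-interaction:%d] " % s.dst_port + s.payload


class HybridHoneypot:
    def __init__(self, block_threshold: int = 2) -> None:
        self.records: List[Record] = []   # every session, kept for analysis
        self.hits: Dict[str, int] = {}    # high-interaction hand-offs per source
        self.block_threshold = block_threshold

    def triage(self, s: Session) -> str:
        """Low-interaction decision: keep emulating, or redirect."""
        if s.dst_port not in BANNERS:
            # Nothing to emulate on this port: let the real services observe it.
            return "high"
        if any(marker in s.payload for marker in SUSPICIOUS_MARKERS):
            return "high"
        return "low"

    def handle(self, s: Session) -> bytes:
        """Serve one session and record what happened."""
        tier = self.triage(s)
        self.records.append(Record(s.src, s.dst_port, tier, s.payload))
        if tier == "high":
            self.hits[s.src] = self.hits.get(s.src, 0) + 1
            return high_interaction_response(s)
        return BANNERS[s.dst_port]

    def administrative_actions(self) -> List[str]:
        """Analysis step: sources that repeatedly reached the high-interaction
        tier become block rules for the production network's firewall."""
        return [
            f"iptables -A INPUT -s {src} -j DROP"
            for src, n in sorted(self.hits.items())
            if n >= self.block_threshold
        ]


# Constructed sample traffic (RFC 5737 documentation addresses).
SAMPLE_TRAFFIC: List[Session] = [
    Session("203.0.113.5", 80, b"GET / HTTP/1.0\r\n\r\n"),
    Session("203.0.113.5", 80, b"GET /../../etc/passwd HTTP/1.0\r\n\r\n"),
    Session("203.0.113.5", 22, b"\x90\x90\x90\x90\x90\x90"),
    Session("198.51.100.7", 21, b"USER anonymous\r\n"),
    Session("198.51.100.7", 4444, b""),
]


def run_sample() -> HybridHoneypot:
    """Feed the constructed traffic through the front end and return it."""
    hp = HybridHoneypot(block_threshold=2)
    for s in SAMPLE_TRAFFIC:
        hp.handle(s)
    return hp


if __name__ == "__main__":
    hp = run_sample()
    for r in hp.records:
        print(f"{r.src:>14} :{r.dst_port:<5} -> {r.tier}")
    for rule in hp.administrative_actions():
        print("action:", rule)
```

The triage rule is deliberately conservative in one direction: a connection to a port the low-interaction tier cannot emulate is always redirected, because an emulator that answers a port it does not understand gives the intruder an easy fingerprint of the honeypot. The block rules are only generated from sessions that reached the real services, which is what keeps a single benign probe from producing an administrative action.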
dc.format.extent Pages: (274-288)
dc.language English
dc.publisher OXFORD
dc.relation.ispartof Publication Name: Computers and Security; Publication Year: 2006; Volume: 25; no. 4; Pages: (274-288);
dc.source Scopus
dc.title A hybrid honeypot framework for improving intrusion detection systems in protecting organizational networks
dc.type Article
dc.contributor.affiliation Artail, H., Department of Electrical and Computer Engineering, American University of Beirut, P.O. Box 11-0236, Riad El-Solh, Beirut 1107 2020, Lebanon
dc.contributor.affiliation Safa, H., Department of Computer Science, American University of Beirut, P.O. Box 11-0236, Riad El-Solh, Beirut 1107 2020, Lebanon
dc.contributor.affiliation Sraj, M., Department of Electrical and Computer Engineering, American University of Beirut, P.O. Box 11-0236, Riad El-Solh, Beirut 1107 2020, Lebanon
dc.contributor.affiliation Kuwatly, I., Department of Electrical and Computer Engineering, American University of Beirut, P.O. Box 11-0236, Riad El-Solh, Beirut 1107 2020, Lebanon
dc.contributor.affiliation Al-Masri, Z., Department of Electrical and Computer Engineering, American University of Beirut, P.O. Box 11-0236, Riad El-Solh, Beirut 1107 2020, Lebanon
dc.contributor.authorAddress Artail, H.; Department of Electrical and Computer Engineering, American University of Beirut, P.O. Box 11-0236, Riad El-Solh, Beirut 1107 2020, Lebanon; email: hartail@aub.edu.lb
dc.contributor.authorCorporate University: American University of Beirut; Faculty: Faculty of Engineering and Architecture; Department: Electrical and Computer Engineering;
dc.contributor.authorDepartment Electrical and Computer Engineering
dc.contributor.authorEmail hartail@aub.edu.lb; hs33@aub.edu.lb; mas44@aub.edu.lb; imk0l@aub.edu.lb; zoa0l@aub.edu.lb
dc.contributor.authorFaculty Faculty of Engineering and Architecture
dc.contributor.authorInitials Artail, H
dc.contributor.authorInitials Safa, H
dc.contributor.authorInitials Sraj, M
dc.contributor.authorInitials Kuwatly, I
dc.contributor.authorInitials Al-Masri, Z
dc.contributor.authorReprintAddress Artail, H (reprint author), Amer Univ Beirut, Dept Elect and Comp Engn, POB 11-0236, Beirut 1107 2020, Lebanon.
dc.contributor.authorUniversity American University of Beirut
dc.description.cited Anderson J. P., 1980, COMPUTER SECURITY TH; BALASUBRAMANIYA.J, 1998, P COMP SEC APPL C; Bauer D. S., 1988, Proceedings of the Computer Networking Symposium (Cat. No.88CH2547-8), DOI 10.1109/CNS.1988.4983; Bernardes M. C., 2000, Proceedings International Symposium on Software Engineering for Parallel and Distributed Systems, DOI 10.1109/PDSE.2000.847862; Budiarto R., 2004, Proceedings. 2004 International Conference on Information and Communication Technologies: From Theory to Applications (IEEE Cat. No.04EX852), DOI 10.1109/ICTTA.2004.1307887; Dacier M., 2004, Proceedings. 10th IEEE Pacific Rim International Symposium on Dependable Computing; Dasgupta D, 2005, COMPUT SECUR, V24, P387, DOI 10.1016/j.cose.2005.01.004; Denning D. E., 1986, Proceedings of the 1986 IEEE Symposium on Security and Privacy (Cat. No.86CH2292-1); Eskin Eleazar, 2000, P 17 INT C MACH LEAR, P255, DOI 10.1109/ICCSA.2008.70; GUANGCHUN L, 2003, ACM SIGOPS OPERATING, V37, P46, DOI 10.1145/881775.881780; Helmer G, 2003, J SYST SOFTWARE, V67, P109, DOI 10.1016/S0164-1212(02)00092-4; Hofmeyr S. A., 1998, Journal of Computer Security, V6; Innella P., 2001, INTRO INTRUSION DETE; Jiang WB, 2005, COMPUT SECUR, V24, P287, DOI 10.1016/j.cose.2004.07.005; KHATTAB M, 2004, P IEEE 24 INT C DIST, P328; Krawetz N, 2004, IEEE SECUR PRIV, V2, P76, DOI 10.1109/MSECP.2004.1264861; Kreibich C, 2004, ACM SIGCOMM COMP COM, V34, P51, DOI 10.1145/972374.972384; Kuwatly I., 2004, Proceedings. The IEEE-ACS International Conference on Pervasive Services (IEEE Cat. No.04EX892); Levine JG, 2004, IEEE SECUR PRIV, V2, P73, DOI 10.1109/MSP.2004.115; Liao YH, 2002, COMPUT SECUR, V21, P439, DOI 10.1016/S0167-4048(02)00514-X; McCarty B., 2003, IEEE Security and Privacy, V1, DOI 10.1109/MSECP.2003.1253575; Mell P, 2000, COMPUT NETW, V34, P641, DOI 10.1016/S1389-1286(00)00141-9; Raynal F, 2004, IEEE SECUR PRIV, V2, P72, DOI 10.1109/MSP.2004.47; Raynal FR, 2004, IEEE SECUR PRIV, V2, P77, DOI 10.1109/MSP.2004.70; Spitzner L., 2002, HONEYPOTS TRACKING H; Spitzner L., 2003, Proceedings. 19th Annual Computer Security Applications Conference; Spitzner L., 2003, IEEE Security and Privacy, V1, DOI 10.1109/MSECP.2003.1193207; Teo L., 2004, Proceedings. Second IEEE International Information Assurance Workshop; WEILER N, 2002, P 11 IEEE INT WORKSH; WHITE G, 1996, IEEE NETWORK, V10; Wolfgang M., 2002, HOST DISCOVERY NMAP; YELDI S, 2003, C CONV TECHN AS PAC, P1521; Zhang F, 2003, PARALLEL AND DISTRIBUTED COMPUTING, APPLICATIONS AND TECHNOLOGIES, PDCAT'2003, PROCEEDINGS, P231; Zhang ZH, 2005, COMPUT COMMUN, V28, P1428, DOI 10.1016/j.comcom.2005.01.014
dc.description.citedCount 20
dc.description.citedTotWOSCount 13
dc.description.citedWOSCount 11
dc.format.extentCount 15
dc.identifier.coden CPSED
dc.identifier.scopusID 33745009333
dc.publisher.address OXFORD FULFILLMENT CENTRE THE BOULEVARD, LANGFORD LANE, KIDLINGTON, OXFORD OX5 1GB, OXON, ENGLAND
dc.relation.ispartOfISOAbbr Comput. Secur.
dc.relation.ispartOfIssue 4
dc.relation.ispartofPubTitle Computers and Security
dc.relation.ispartofPubTitleAbbr Comput Secur
dc.relation.ispartOfVolume 25
dc.source.ID WOS:000238929300020
dc.type.publication Journal
dc.subject.otherAuthKeyword Computer security
dc.subject.otherAuthKeyword Honeypots
dc.subject.otherAuthKeyword Intrusion detection
dc.subject.otherAuthKeyword Network security
dc.subject.otherAuthKeyword Organizational networks
dc.subject.otherAuthKeyword Snort
dc.subject.otherIndex Computer networks
dc.subject.otherIndex Computer operating systems
dc.subject.otherIndex Probability
dc.subject.otherIndex Security of data
dc.subject.otherIndex Telecommunication traffic
dc.subject.otherIndex Honeypots
dc.subject.otherIndex Intrusion detection
dc.subject.otherIndex Network security
dc.subject.otherIndex Organizational networks
dc.subject.otherIndex Snort
dc.subject.otherIndex Security systems
dc.subject.otherKeywordPlus FORENSICS
dc.subject.otherWOS Computer Science, Information Systems

