Design of a worm isolation and unknown worm monitoring system based on Honeypot
Abdulaziz Nasser A AlFraih, Wenbo Chen
Available Online May 2014.
- https://doi.org/10.2991/lemcs-14.2014.150
- network security; Intrusion Detection Systems; Honeypot; Snort; Worm
- Preventing attacks in computer networks has proved cumbersome and ineffective, whereas detection strategies have been found to be effective and less costly. Intrusion Detection Systems (IDS) have been widely implemented in computer networks as a detection technique. Another strategy that can reduce the occurrence of network intrusion is the honeypot. A honeypot is a proactive defense technology, introduced by the defense side to change the asymmetric situation of the network attack-and-defense game. By deploying honeypots, i.e. security resources without any production purpose, defenders can deceive intruders into attacking the honeypots, then capture and analyze the attack behaviors in order to understand the attack tools and methods and to learn the intentions and motivations. This paper analyzes the characteristics and harms of worm viruses and puts forward a custom honeypot system. Based on intrusion detection, virtual honeypot and data mining technology, the system uses guile address space technology to capture known worms and to isolate unknown worms and delay their scanning speed. It analyzes the logs by data mining, updates the intrusion detection system rule set, and makes a timely response and takes defensive action.
- Open Access
- This is an open access article distributed under the CC BY-NC license.
Cite this article
TY  - CONF
AU  - Abdulaziz Nasser A AlFraih
AU  - Wenbo Chen
PY  - 2014/05
DA  - 2014/05
TI  - Design of a worm isolation and unknown worm monitoring system based on Honeypot
BT  - International Conference on Logistics Engineering, Management and Computer Science (LEMCS 2014)
PB  - Atlantis Press
SN  - 1951-6851
UR  - https://doi.org/10.2991/lemcs-14.2014.150
DO  - https://doi.org/10.2991/lemcs-14.2014.150
ID  - AlFraih2014/05
ER  -