Design of Active HoneyPot System
According to rapid growth of Internet infrastructure and information technology, anyone can get knowledge legally or illegally. Internet users can be classified as normal and abnormal user. Especially, abnormal users with hostility are getting more intelligent, so they can drain away the valuable information and use or destroy it illegally. The damage from abnormal user is also increasing, but research to detect abnormal users and to protect information is at still initial stage. The most security systems focus on how to detect and respond such an intrusion as quickly as possible of which they already have knowledge. In case of unknown intrusion, it is much harder to detect and respond it. In this paper, we implement a virtual emulation service that leads an intruder into HoneyPot, which monitors all behaviors in step by step. Building the new knowledge on the access paths and skills of intruder allows us to make a policy to protect a system from new attacks. Furthermore, we present an Active HoneyPot System, which combined with firewall and management server. In this system, firewall redirects an abnormal user to HoneyPot to learn advanced intruding skills and to respond more actively.
Unable to display preview. Download preview PDF.
- 1.Snort Users Manual Snort Release 1.8.1 Martin Roesch 10th Aug. 2001.Google Scholar
- 2.Byong-koo Kim, Dong-su Kim, Tai-myung Chung, “Design of Intrusion Detection System based on Hierarchical Architecture,” KIPS, vol. 6,No. 2, Jan. 1999.Google Scholar
- 3.Hoon-jo Chung, Byong-koo Kim, Tai-myung Chung, “Classification of Intrusion Types and Detection Systems, ” KIPS, No. 2, Jan. 1999.Google Scholar
- 4.Miyoung Kim, Youngsong Mun, “The Development of HoneyPot System,” Proceedings of the International Conference on Security and Management, Las Vegas, USA, Jun. 2002.Google Scholar
- 5.Miyoung Kim, Youngsong Mun, Technical Report, “A study on intrusion responding tech-nique using HoneyPot System,” LSRC, Feb. 2003.Google Scholar
- 6.Brian Laing, Jimmy Alderson, “How to Guide: Implementing a Network Based Intrusion Detection System,” Internet Security System, 2000.Google Scholar
- 7.R. Heady, G. Luger, A. Maccabe, and M. Servilla, “The Architecture of a Network Level Intrusion Detction System,” Technical report, Dept. of Computer Science, University of New Mexico, Aug. 1990.Google Scholar
- 8.A. Valdes and K. Skinner, “An Approach to Sensor Correlation,” 3rd International Work-shop on the Recent Advances in Intrusion Detection, Oct. 2000.Google Scholar
- 9.Sun Microsystems Inc., “Installing, Administering, and Using the Basic Security Module,” 2550 Garcia Ave., Mountain View, CA 94043, Dec. 1991.Google Scholar
- 10.G. Vigna and K. Skinner, “The STAT Tool Suite,” in Proceedings of DISCEX 2000, Hilton Head, South Carolina, Jan. 2000, IEEE Computer Society Press.Google Scholar
- 11.Steven J. Scott, “Threat Management Systems The State of Intrusion Detection,” http://www.snort.org, Aug. 2002.