Detecting Malwares in Honeynet Using a Multi-agent System
The importance of network security is rapidly increasing as more and more business is conducted via these systems. The proposed honeynet system can be used to detect bots or malware based on the evaluation of events occurring within a computer network. A honeypot is a trap set to detect, deflect or in some manner counteract attempts at unauthorized access to information systems. A honeynet (a network consisting of 2 or more honeypots) is used for surveillance of larger or more diverse networks for which one honeypot may not be sufficient. The detection algorithms of these systems are based on signatures derived from the analysis of various types of malicious software. The proposed honeynet system is a combination of a post intrusion detection system and a files analyzer. It has been implemented using multi-agent technology.
Keywordshoneypot honeynet computer forensics malware
Unable to display preview. Download preview PDF.
- 1.Piotrowski, M.: The protection of computer networks through technology honeypot (2007) (in Polish)Google Scholar
- 2.Rush, M., Orebaugh, A., Clark, G., Pinkard, B., Babbin, J.: Intrusion Prevention and Active Response - Deploying Network and Host IPS (2005)Google Scholar
- 3.Erickson, J.: Hacking: The Art of Exploitation (2008)Google Scholar
- 4.Holz, T., Dornseif, M.: Hands on Honeypot Technology, Black Hat 2005 (2005), http://blackhat.com
- 5.Yang, G., Rong, C., Dai, Y.: A Distributed Honeypot System for Grid Security. In: Li, M., Sun, X.-H., Deng, Q.-n., Ni, J. (eds.) GCC 2003. LNCS, vol. 3032, pp. 1083–1086. Springer, Heidelberg (2004)Google Scholar
- 6.Barford, P., Chen, Y., Li Goyal, Z.: Employing Honeynets For Network Situational Awareness (2010)Google Scholar
- 7.Tang, H., Zhu, B., Ren, K.: A New Approach to Malware Detection. In: Park, J.H., et al. (eds.) ISA 2009. LNCS, vol. 5576, pp. 229–238. Springer, Heidelberg (2009)Google Scholar