An active intrusion-confronting method using fake session and Honeypot  

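이명섭 (Yeungnam University, Department of Computer Engineering, Artificial Intelligence and Intelligent Information Systems Laboratory)
신경철 (Yeungnam University, Department of Computer Engineering, Artificial Intelligence and Intelligent Information Systems Research)
박창현 (Yeungnam University, Department of Computer Engineering, Artificial Intelligence and Intelligent Information Systems Laboratory)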
Abstract
In the coming age of information warfare, information security patterns need to change toward an active approach that uses offensive security mechanisms, rather than the traditional passive approach of merely protecting against intrusions. In an active security environment, it is essential that, when an intrusion is detected, it is confronted immediately: analysing the intrusion situation in real time, protecting information from the attacks, and even tracing the intruder. This paper presents an active intrusion-confronting system using a fake session and a honeypot. Through the fake session, attacks such as DoS (Denial of Service) and port scans can be intercepted. By monitoring the honeypot system, to which intruders are migrated from the protected system and in which an intrusion rule manager is activated, new intrusion rules are created and activated to confront subsequent intrusions.
Keywords
DoS (Denial of Service); Port Scan; Fake Session; Honeypot