tailieunhanh - Monitoring and analyzing system activities using high interaction honeypot
International Journal of Computer Networks and Communications Security, JANUARY 2014, 39–45
Available online at:
ISSN 2308-9830

Monitoring and Analyzing System Activities Using High Interaction Honeypot

B. Al-Dabagh1 and Mohammed A. Fakhri2
1, 2 Computer Science Dept., College of Computer Science and Mathematics, Mosul University, Mosul, Iraq
E-mail: 1najladabagh@, 2Mohammed_a_f@

ABSTRACT

The honeypot is a protection technique that has recently come into use in network security. Honeypots are effective at detecting new attacks: they interact with attackers and provide a suitable environment in which the attacks can be carried out, after which the attacks are studied and analyzed to form a picture of both the attacks and the attackers. This is what distinguishes honeypots from traditional intrusion detection systems. Denial of Service (DoS) attacks still pose a major challenge in the online world. They are easy to launch, can be large in scale, and can be used by novices because tool-based attacks are available. Most research is therefore concerned with detecting denial of service attacks. In this work, a high interaction honeypot is designed to detect Denial of Service attacks by analyzing packets, extracting their features, and applying one of the decision tree algorithms () to detect attacks. The proposed honeypot monitors the system and analyzes events with Open Source Security (OSSEC) to detect unknown attacks.

Keywords: Honeypot, DoS, Decision tree, OSSEC.

1 INTRODUCTION

Today's world increasingly relies on computer networks. The use of network resources is growing and network infrastructures are gaining in size and complexity. This increase is followed by a rising volume of security problems. New threats and vulnerabilities are found every day, and computers are far from being secure. In the first half of 2013, 4,100 vulnerabilities were