Title :
Honeypot and scan detection in intrusion detection system
Author :
Yin, Chunmei ; Li, Mingchu ; Ma, Jianh ; Sun, Jizhou
Author_Institution :
Sch. of Electron. Inf. Eng., Tianjin Univ., China
Abstract :
We present an application of a honeypot in detection collaboration with an intrusion detection system. We have designed and implemented a honeypot port-scan detection system for scan detection, which can work as a module of the intrusion detection system and can also run independently. Nowadays, intrusion detection systems face more challenges, such as data overload, high false positives and negatives, and being incapable of understanding encrypted or IPv6 packets. We introduce new data structures (such as a new link structure for slow scan) and new event mechanisms in our system, and present a new method to solve some weaknesses in known techniques, so our system can provide an early scan warning and detect some new attacks. Our tests on this system in a typical network environment show that the system has very low false positives and false negatives.
Keywords :
Internet; authorisation; data structures; invasive software; telecommunication security; IPv6 packets; Internet; Trojans; computer security; data overload; data structures; encrypted packets; event mechanisms; false negatives; false positives; honeypot detection; intrusion detection; link structure; port-scan detection; unauthorized activity; Application software; Collaborative work; Computer hacking; Computer science; Computer security; Design engineering; Face detection; Intrusion detection; Sun; Telecommunication traffic;
Conference_Title :
Electrical and Computer Engineering, 2004. Canadian Conference on
Print_ISBN :
0-7803-8253-6
DOI :
10.1109/CCECE.2004.1345313