Title :
A case study on host based data analysis & cyber criminal profiling in Honeynets
Author :
Bhatia, J.S. ; Sehgal, Rakesh ; Bhushan, Bharat ; Kaur, Hameet
Author_Institution :
CDAC-Mohali, Mohali
Abstract :
The single detection component of Honeynet, i.e. Snort, is not sufficient to reasonably classify the total Honeynet malicious domain. The critical issue is the realization of detection layers for enhanced analysis of cyber threats. This paper presents the significance of, and results obtained from, integrating a host layer, in the form of an open source HIDS (Host based Intrusion Detection System), with the already existing network layer, i.e. Snort, in the Gen 3 Honeynet architecture. The investigation is further carried out to extract intelligence from the enhanced Honeynet system. The resultant Honeynet system enables forensic profiling of the cyber criminal through the retrieval of critical parameters from the Honeynet database. The various attributes for profile generation have been clearly indicated in terms of the Honeynet database key fields to establish a characteristic model of the attacker.
Keywords :
computer crime; data analysis; Gen 3 Honeynet architecture; Honeynet database; Honeynet malicious domain; Snort intrusion detection system; cyber criminal profiling; cyber threat analysis; host-based data analysis; open source HIDS; Assembly; Availability; Character generation; Computer aided software engineering; Data analysis; Deductive databases; Forensics; Information retrieval; Intrusion detection; Visualization;
Conference_Title :
Communication Systems and Networks and Workshops, 2009. COMSNETS 2009. First International
Conference_Location :
Bangalore
Print_ISBN :
978-1-4244-2912-7
Electronic_ISBN :
978-1-4244-2913-4
DOI :
10.1109/COMSNETS.2009.4808902