Title :
Intrusion detection in Honeynets by compression and hashing
Author :
Abbasi, Fahim H. ; Harris, R.J.
Author_Institution :
Sch. of Eng. & Adv. Technol. (SEAT), Massey Univ., Palmerston North, New Zealand
Date :
Oct. 31 2010-Nov. 3 2010
Abstract :
This paper proposes the design of a behaviour-based Intrusion Detection System (IDS), adopting Fuzzy hashing and Normalized Compression Distance (NCD) to determine similarity in behavioural profiles of worms and malware. The system runs in parallel with an existing knowledge or misuse-based system like Snort, but augments the intrusion detection capabilities by revealing malicious behaviour or activities within the Honeynet. The system integrates into a Honeynet, where the network-based events will be trapped by the gateway device, while system-based events will be trapped on the Honeypot(s). Results of prototype network system components are also discussed.
Keywords :
cryptography; invasive software; Honeypot; Snort; behaviour-based intrusion detection system design; fuzzy hashing; gateway device; honeynets; malware; misuse-based system; network-based events; normalized compression distance; system-based events; worms; Complexity theory; Databases; Grippers; Intrusion detection; Malware; Payloads; Protocols; intrusion detection system (IDS)
Conference_Title :
Telecommunication Networks and Applications Conference (ATNAC), 2010 Australasian
Conference_Location :
Auckland
Print_ISBN :
978-1-4244-8173-6
Electronic_ISBN :
978-1-4244-8171-2
DOI :
10.1109/ATNAC.2010.5680264