Design and Implementation of the HoneyPot System with Focusing on the Session Redirection.
ABSTRACT In this paper, we implement a HoneyPot system equipped with several sub systems for their use. Obtaining the new knowledge
on the access skills of intruder allows us to make a policy more precisely and quickly to protect a system from the new attacks.
Our implementation presents an HoneyPot System cooperates with firewall and management server. In this system, firewall redirects
a session from an abnormal user to HoneyPot to learn the advanced intrusion skills and to respond more effectively.
- SourceAvailable from: cs.unm.edu[show abstract] [hide abstract]
ABSTRACT: This paper presents the preliminary architecture of a network level intrusion detection system. The proposed system will monitor base level information in network packets (source, destination, packet size, and time), learning the normal patterns and announcing anomalies as they occur. The goal of this research is to determine the applicability of current intrusion detection technology to the detection of network level intrusions. In particular, the authors are investigating the possibility of using this technology to detect and react to worm programs.
Article: An approach to sensor correlation[show abstract] [hide abstract]
ABSTRACT: We present an approach to intrusion detection (ID) sensor correlation that considers the problem in three phases: event aggregation, sensor coupling, and meta alert fusion. The approach is well suited to probabilistically based sensors such as EMERALD eBayes. We demonstrate the efficacy of the EMERALD alert thread mechanism, the sensor coupling in eBayes, and a prototype alert fusion capability towards achieving significant functionality in the field of ID sensor correlation.01/2000;
Article: Understanding the linux kernel01/2006;