Abstract
According to rapid growth of Internet infrastructure and information technology, anyone can get knowledge legally or illegally. Internet users can be classified as normal and abnormal user. Especially, abnormal users with hostility are getting more intelligent, so they can drain away the valuable information and use or destroy it illegally. The damage from abnormal user is also increasing, but research to detect abnormal users and to protect information is at still initial stage. The most security systems focus on how to detect and respond such an intrusion as quickly as possible of which they already have knowledge. In case of unknown intrusion, it is much harder to detect and respond it. In this paper, we implement a virtual emulation service that leads an intruder into HoneyPot, which monitors all behaviors in step by step. Building the new knowledge on the access paths and skills of intruder allows us to make a policy to protect a system from new attacks. Furthermore, we present an Active HoneyPot System, which combined with firewall and management server. In this system, firewall redirects an abnormal user to HoneyPot to learn advanced intruding skills and to respond more actively.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Snort Users Manual Snort Release 1.8.1 Martin Roesch 10th Aug. 2001.
Byong-koo Kim, Dong-su Kim, Tai-myung Chung, “Design of Intrusion Detection System based on Hierarchical Architecture,” KIPS, vol. 6,No. 2, Jan. 1999.
Hoon-jo Chung, Byong-koo Kim, Tai-myung Chung, “Classification of Intrusion Types and Detection Systems, ” KIPS, No. 2, Jan. 1999.
Miyoung Kim, Youngsong Mun, “The Development of HoneyPot System,” Proceedings of the International Conference on Security and Management, Las Vegas, USA, Jun. 2002.
Miyoung Kim, Youngsong Mun, Technical Report, “A study on intrusion responding tech-nique using HoneyPot System,” LSRC, Feb. 2003.
Brian Laing, Jimmy Alderson, “How to Guide: Implementing a Network Based Intrusion Detection System,” Internet Security System, 2000.
R. Heady, G. Luger, A. Maccabe, and M. Servilla, “The Architecture of a Network Level Intrusion Detction System,” Technical report, Dept. of Computer Science, University of New Mexico, Aug. 1990.
A. Valdes and K. Skinner, “An Approach to Sensor Correlation,” 3rd International Work-shop on the Recent Advances in Intrusion Detection, Oct. 2000.
Sun Microsystems Inc., “Installing, Administering, and Using the Basic Security Module,” 2550 Garcia Ave., Mountain View, CA 94043, Dec. 1991.
G. Vigna and K. Skinner, “The STAT Tool Suite,” in Proceedings of DISCEX 2000, Hilton Head, South Carolina, Jan. 2000, IEEE Computer Society Press.
Steven J. Scott, “Threat Management Systems The State of Intrusion Detection,” http://www.snort.org, Aug. 2002.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kim, M., Kim, M., Lee, H.K., Mun, Y. (2003). Design of Active HoneyPot System. In: Kumar, V., Gavrilova, M.L., Tan, C.J.K., L’Ecuyer, P. (eds) Computational Science and Its Applications — ICCSA 2003. ICCSA 2003. Lecture Notes in Computer Science, vol 2668. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44843-8_38
Download citation
DOI: https://doi.org/10.1007/3-540-44843-8_38
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-40161-2
Online ISBN: 978-3-540-44843-3
eBook Packages: Springer Book Archive