Abstract
Proactive cyber-security tools provide basic protection, as today's cyber-criminals utilize legitimate traffic to perform attacks and quite often remain concealed until it is too late. Because critical resources hidden behind layers of cyber-defenses can still become compromised, with potentially catastrophic consequences, it is of paramount significance to be able to identify cyber-attacks and prepare a proper defense as early as possible. In this paper we go over the architecture, deployment and usefulness of a distributed network of honeypots that relies on darknets to obtain its data. Because we envision that such a system has the potential to detect large-scale events as early as possible, we have adopted the name Early Warning Intrusion System (EWIS).
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Chatziadam, P., Askoxylakis, I.G., Fragkiadakis, A. (2014). A Network Telescope for Early Warning Intrusion Detection. In: Tryfonas, T., Askoxylakis, I. (eds) Human Aspects of Information Security, Privacy, and Trust. HAS 2014. Lecture Notes in Computer Science, vol 8533. Springer, Cham. https://doi.org/10.1007/978-3-319-07620-1_2
DOI: https://doi.org/10.1007/978-3-319-07620-1_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-07619-5
Online ISBN: 978-3-319-07620-1
eBook Packages: Computer Science (R0)