Book: Abhay Nath Singh, "Honeypot Based Intrusion Detection System"

Honeypot Based Intrusion Detection System

Manufacturer: "LAP Lambert Academic Publishing"

Intrusion Detection Systems (IDS) play an important role in protecting organizations from unauthorized activities. In this dissertation work, a framework using a honeypot is proposed with Real Time Rule Accession (ReTRA) capability. The honeypot is used to prevent the attack and collect attack traffic on the network. Furthermore, the Apriori algorithm for association rule mining is used on the data logged by the honeypot to generate rules, which are added to the Snort IDS dynamically. This is different from the previous method of off-line rule base addition. The proposed IDS is efficient in detecting attacks at the time of their occurrence, even if the system was not equipped with rules to detect them. The logs generated by honeypots can grow very large when there is heavy attack traffic in the system, thus consuming a lot of disk space. The huge log size poses difficulty when the logs are processed and analyzed, as this consumes a lot of time and resources. The proposed system... ISBN: 9783846583104

Publisher: "LAP Lambert Academic Publishing" (2012)

ISBN: 9783846583104

See also in other dictionaries:

  • Intrusion detection system — An intrusion detection system (IDS) is a device or software application that monitors network and/or system activities for malicious activities or policy violations and produces reports to a Management Station.[1] Some systems may attempt to stop …   Wikipedia

  • Network intrusion detection system — A Network Intrusion Detection System (NIDS) is an intrusion detection system that tries to detect malicious activity such as denial of service attacks, port scans or even attempts to crack into computers by Network Security Monitoring (NSM) of… …   Wikipedia

  • Intrusion Detection — An intrusion detection system (IDS) is a system for detecting attacks directed at a computer system or computer network. The IDS can complement a firewall or run directly on the computer system being monitored and… …   Deutsch Wikipedia

  • Honeypot (computing) — In computer terminology, a honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer, data, or a network site that appears to be part of a… …   Wikipedia

  • Client honeypot — Honeypots are security devices whose value lies in being probed and compromised. Traditional honeypots are servers (or devices that expose server services) that wait passively to be attacked. Client Honeypots are active security devices in search… …   Wikipedia

  • Rootkit — A rootkit is software that enables continued privileged access to a computer while actively hiding its presence from administrators by subverting standard operating system functionality or other applications. The term rootkit is a concatenation… …   Wikipedia
