Honeypot Baselining for Zero Day Attack Detection

Honeypots are the network sensors used for capturing the network attacks. As these sensors are solely deployed for the purpose of being attacked and compromised hence they have to be closely monitored and controlled. In the work presented in this paper the authors have addressed the problem of base-lining the high-interaction Honeypots by proposing a structured framework for base-lining any high interaction Honeypot. The Honeypot base-lining process involves identification and white-listing of all the legitimate system activities and the modeling of Honeypot attack surface. The outcome of the Honeypot base-lining process is an XML file which models the Honeypot attack surface. The authors claim that this Honeypot system modeling is useful at the time of attack data analysis, as it enables the mapping of captured attacks to the vulnerabilities exposed by the Honeypot. This attack to vulnerability mapping capability helps defenders to find out what attacks targets what vulnerabilities and could also leads to the detection of the zero day vulnerabilities exploit attempt.

MoreLess

Year of publication:	2017
Authors:	Chamotra, Saurabh ; Sehgal, Rakesh Kumar ; Misra, Ram Swaroop
Published in:	International Journal of Information Security and Privacy (IJISP). - IGI Global, ISSN 1930-1669, ZDB-ID 2400983-0. - Vol. 11.2017, 3 (01.07.), p. 63-74
Publisher:	IGI Global
Subject:	Attack Surface \| Honeypots \| Security \| Vulnerabilities \| Zero Day Attacks

More details

Type of publication:	Article
Language:	English
Other identifiers:	10.4018/IJISP.2017070106 [DOI]
Source:	Other ZBW resources

Persistent link: https://ebvufind01.dmz1.zbw.eu/10012045699