A 2014

POSTER: Dragging Attackers to Honeypots for Effective Analysis of Cybernetic Threats

HUSÁK, Martin and Jan VYKOPAL

Basic information

Original name

POSTER: Dragging Attackers to Honeypots for Effective Analysis of Cybernetic Threats

Authors

HUSÁK, Martin (203 Czech Republic, guarantor, belonging to the institution) and Jan VYKOPAL (203 Czech Republic, belonging to the institution)

Edition

2014

Other information

Language

English

Type of outcome

Audiovisual work

Field of Study

Informatics

Country of publisher

Czech Republic

Confidentiality degree

not subject to state or trade secret

References:

RIV identification code

RIV/00216224:14610/14:00073228

Organization

Institute of Computer Science – Repository – Repository

Keywords in English

honeypot;network monitoring;security

Links

VF20132015031, research and development project.
Changed: 1/9/2020 20:45, RNDr. Daniel Jakubík

Abstract

In the original

With the rising number of cyber threats in communication networks, there is a demand for attack analysis and the identification of new threats. Honeypots, tools for attack analysis and zero-day exploit discovery, are passive in waiting for an attacker. This paper proposes a novel approach to the effective utilization of honeypots based on cooperation between honeypots and the network in which they are deployed. We propose a framework for recognition of attacks in their early phase and dragging the network traffic to a honeypot before the attack causes any harm. We use flow-based network monitoring to detect initial phases of the attacks and propose prediction of the later phases of the attack. Malicious network traffic will be redirected to a honeypot for further analysis using a concept of a network funnel.

Files attached