With recent advances in network based technology and increased dependability of our every day life on this technology, assuring reliable operation of network based systems is very important. During recent years, number of attacks on networks has dramatically increased and consequently interest in network intrusion detection has increased among the researchers. This paper provides a review on current trends in intrusion detection together with a study on technologies implemented by some researchers in this research area. Honey pots are effective detection tools to sense attacks such as port or email scanning activities in the network. Some features and applications of honey pots are explained in this paper.

/pdf/research-on-intrusion-detection-and-response-a-survey-1dxvnjrwam.pdf

Research on intrusion detection and response: a survey

Applications of Bayesian networks and Petri nets in safety, reliability, and risk assessments: A review

The method analyzes unauthorized intrusion into a computer network. Access is allowed through one or more open ports to one or more virtualized decoy operating systems running on a hypervisor operating system hosted on a decoy network device. This may be done by opening a port on one of the virtualized decoy operating systems. A network attack on the virtualized operating system is then intercepted by an introspection module running on the hypervisor operating system. The attack-identifying information is communicated through a private network interface channel and stored on a database server as forensic data. A signature-generation engine uses this forensic data to generate a signature of the attack. An intrusion prevention system then uses the attack signature to identify and prevent subsequent attacks. A web-based visualization interface facilitates configuration of the system and analysis of (and response to) forensic data generated by the introspection module and the signature generation engine, as well as that stored in the processing module's relational databases.

System and Method for Analyzing Unauthorized Intrusion Into a Computer Network

In this survey, we give an extensive overview on honeypots. This includes not only honeypot software but also methodologies to analyse honeypot data.

A Survey on Honeypot Software and Data Analysis.

Today, the Internet security community largely emphasizes cyberspace monitoring for the purpose of generating cyber intelligence. In this paper, we present a survey on darknet. The latter is an effective approach to observe Internet activities and cyber attacks via passive monitoring. We primarily define and characterize darknet and indicate its alternative names. We further list other trap-based monitoring systems and compare them to darknet. Moreover, in order to provide realistic measures and analysis of darknet information, we report case studies, namely, Conficker worm in 2008 and 2009, Sality SIP scan botnet in 2011, and the largest amplification attack in 2014. Finally, we provide a taxonomy in relation to darknet technologies and identify research gaps that are related to three main darknet categories: deployment, traffic analysis, and visualization. Darknet projects are found to monitor various cyber threat activities and are distributed in one third of the global Internet. We further identify that Honeyd is probably the most practical tool to implement darknet sensors, and future deployment of darknet will include mobile-based VOIP technology. In addition, as far as darknet analysis is considered, computer worms and scanning activities are found to be the most common threats that can be investigated throughout darknet; Code Red and Slammer/Sapphire are the most analyzed worms. Furthermore, our study uncovers various lacks in darknet research. For instance, less than 1% of the contributions tackled distributed reflection denial of service (DRDoS) amplification investigations, and at most 2% of research works pinpointed spoofing activities. Last but not least, our survey identifies specific darknet areas, such as IPv6 darknet, event monitoring, and game engine visualization methods that require a significantly greater amount of attention from the research community.

Darknet as a Source of Cyber Intelligence: Survey, Taxonomy, and Characterization

A honeypot is a supplemented active defense system for network security. It traps attacks, records intrusion information about tools and activities of the hacking process, and prevents attacks outbound the compromised system. Integrated with other security solutions, a honeypot can solve many traditional dilemmas. We expatiate key components of data capture and data control in a honeypot, and give a classification for honeypots according to security goals and application goals. We review the technical progress and security contribution of production honeypots and research honeypots. We present typical honeypot solutions and predict the technical trends of integration, virtualization and distribution for future honeypots.

Honeypot: a supplemented active defense system for network security

Color Petri Net (CPN) based attack modeling approach is addressed. CPN based attack model is flexible enough to model Internet intrusion, including the static and dynamic features of the intrusion. The processes and rules of building CPN based attack model from attack tree are also presented. In order to evaluate the risk of intrusion, some cost elements are added to CPN based attack modeling. Experiences also show that it is easy to exploit CPN based attack modeling approach to provide the controlling functions.

Colored petri net based attack modeling

Due to the lack of open infrastructure support, the development of context aware systems in pervasive computing environment is difficult and costly. To solve this problem, we have implemented an open middleware-based context-aware infrastructure for context aware in pervasive computing, named oca-Infrastructure. In oca-Infrastructure, (1) a generic layered model is proposed to specify the functional elements of context-aware computing and provides context-aware computing systems with robust separation of concerns. (2) Wireless CORBA is used to enable distributed components to communicate each other and support for wireless access and terminal mobility. (3) Context-aware supporting platform is created to mask the dynamic environment. (4) Context query is issued based on type-subject model. The context message is delivered in XML. (5) Knowledge-based access control is used to improve security. Finally, we have presented detailed examples to evaluate the feasibility of oca-Infrastructure.

Open middleware-based infrastructure for context-aware in pervasive computing

The threshold cryptography provides a new approach to building intrusion tolerance applications. In this paper, a threshold decryption scheme based the Menezes-Vanstone elliptic curve cryptosystem is presented. Based on the scheme, the architecture of an intrusion-tolerant Web security system is presented. Performance analysis shows that the architecture is characterized by excellent security as well as high efficiency.

ECC Based Intrusion Tolerance for Web Security

This paper concentrates on analyzing and discussing the basic secure service: key management (PKey). By adding a security service layer, PKey is carefully built on the base of a routing and location layer to simple the application development. According as the layered architecture of PKey, some key protocols of PKey, which include key producing, retrieving and transferring, are designed and analyzed in detail. Other important aspects of this new kind of distributed key management system are also addressed and analyzed.

Jinde Liu

Papers

Honeypot: a supplemented active defense system for network security

Colored petri net based attack modeling

Open middleware-based infrastructure for context-aware in pervasive computing

ECC Based Intrusion Tolerance for Web Security

Distributing the Keys into P2P Network