Journal: Journal of Theoretical and Applied Information Technology
Print ISSN: 1992-8645
Electronic ISSN: 1817-3195
Year of publication: 2013
Volume: 47
Issue: 2
Pages: 792-797
Publisher: Journal of Theoretical and Applied
Abstract: In this paper, we present an Intrusion Prevention System (IPS) based on multiple sensors in the network. These sensors are honeypots built using honeyd. Honeyd is a high level honeypot which is very light and which offers many possibilities for getting the most out of the information gathered about attackers in general. We present a solution for moving from passive, isolated sensors to a collaborative platform that helps prevent intrusions by analyzing all collected data. To do this, the honeyd2db module was developed to enable honeyd to log its data into a database instead of a file local to the sensor. This aggregation of data from all sensors gives us the possibility to analyze all collected logs as a whole and come to a decision (deny network traffic on a firewall, for example) using any of the known methods of data analysis.
Keywords: Intrusion Prevention System (IPS); Honeypots; Honeyd; Network Sensors; Distributed System