Abstract

As the number and sophistication of cyber threats increase year after year, security systems such as antivirus, firewalls, or Intrusion Detection Systems based on misuse detection techniques are improved in their detection capabilities. However, these traditional systems are usually limited to detecting potential threats, since they are inadequate to spot zero-day attacks or mutations in behaviour. The authors propose using honeypot systems as a further security layer able to provide a holistic intelligence level in detecting unknown threats, or well-known attacks with new behaviour patterns. Since brute-force attacks have increased in recent years, the authors opted for an SSH medium-interaction honeypot to acquire a log set from attackers' interactions. The proposed system is able to acquire the behaviour patterns of each attacker and link them with future sessions for early detection. The authors also generate a feature set to feed Machine Learning algorithms with the main goal of identifying and classifying attackers' sessions, and thus be able to learn the malicious intentions behind the executed cyber threats.

Traditional security systems based on signatures, such as firewalls, antivirus systems or Intrusion Detection Systems (IDS) based on misuse detection techniques (Depren, Topallar, Anarim & Ciliz, 2005), are generally not very effective against unknown threats or new attack patterns not previously registered. IDSs based on anomaly detection techniques, on the other hand, are able to recognise unknown threats, but they are prone to generating false positives: alerts raised on the possible existence of a real threat that turn out to be false because no actual threat exists. To cover this need and obtain information on novel threats or attacks, honeypots (Spitzner, 2003) arise, which consist of lure or trap systems whose main goal is to simulate a real system that can be attacked. Through the gathered information, it is possible to adapt the IDSs with new detection signatures (for those based on misuse detection) or to label the datasets used by those based on anomaly detection (Jorquera et al., 2018) to retrain their search engine, and therefore to increase their precision and recall by reducing the number of false alerts. In addition, one of the main objectives of honeypots is to complement the different traditional threat detection techniques with a system capable of detecting previously unknown threats, thereby providing a higher level of security (Olakanmi & Dada, 2019).
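The two building blocks the abstract describes, a per-session feature set for a classifier and a behaviour pattern that links a new session to previously seen ones, as an added example that is not the paper's code. The log schema (one JSON event per line with `session`, `ts`, `event` and `input` fields) and the sample sessions are constructed for this illustration; linking uses Jaccard similarity over the command set, which is one possible choice, not necessarily the authors'.

```python
import json
from collections import Counter

# Constructed sample log (assumed schema: one JSON event per line, keyed by session).
SAMPLE_LOG = """
{"session":"s1","ts":0,"event":"login_failed"}
{"session":"s1","ts":2,"event":"login_success"}
{"session":"s1","ts":3,"event":"command","input":"uname -a"}
{"session":"s1","ts":4,"event":"command","input":"cat /proc/cpuinfo"}
{"session":"s1","ts":9,"event":"closed"}
{"session":"s2","ts":0,"event":"login_failed"}
{"session":"s2","ts":1,"event":"login_failed"}
{"session":"s2","ts":1,"event":"closed"}
{"session":"s3","ts":0,"event":"login_success"}
{"session":"s3","ts":1,"event":"command","input":"uname -a"}
{"session":"s3","ts":2,"event":"command","input":"cat /proc/cpuinfo"}
{"session":"s3","ts":5,"event":"closed"}
"""

def parse_sessions(log_text):
    """Group the honeypot events by session id, preserving their order."""
    sessions = {}
    for line in log_text.strip().splitlines():
        ev = json.loads(line)
        sessions.setdefault(ev["session"], []).append(ev)
    return sessions

def features(events):
    """Feature vector for one session, in the form an ML classifier would consume."""
    kinds = Counter(e["event"] for e in events)
    cmds = [e["input"] for e in events if e["event"] == "command"]
    return {
        "login_failed": kinds["login_failed"],
        "login_success": int(kinds["login_success"] > 0),
        "n_commands": len(cmds),
        "n_distinct_commands": len(set(cmds)),
        "duration": events[-1]["ts"] - events[0]["ts"],
        "cmd_fingerprint": tuple(cmds),  # ordered command sequence = behaviour pattern
    }

def jaccard(a, b):
    return len(a & b) / len(a | b) if a | b else 0.0

def link_session(new_feat, known, min_similarity=0.8):
    """Ids of known sessions whose command set matches the new session's (Jaccard).
    Sessions with no commands (pure brute force) carry no pattern, so none are linked."""
    a = set(new_feat["cmd_fingerprint"])
    return [sid for sid, f in known.items()
            if a and jaccard(a, set(f["cmd_fingerprint"])) >= min_similarity]
```

A session that only fails logins (s2) yields a brute-force-shaped feature vector but no behaviour pattern, while s3 is linked back to s1 by its command set; in practice the threshold and the fingerprint definition are what the labelled dataset would be used to tune.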