Automatic handling of protocol dependencies and reaction to 0-day attacks with ScriptGen based honeypots

C Leita, M Dacier, F Massicotte - … , September 20-22, 2006 Proceedings 9, 2006 - Springer
Spitzner proposed to classify honeypots into low, medium and high interaction ones. Several
instances of low interaction exist, such as honeyd, as well as high interaction, such as GenII …

Bro: An open source network intrusion detection system

R Sommer - 2003 - dl.gi.de
Bro is a powerful, but largely unknown open source network intrusion detection system.
Based on a sound design, Bro achieves its main goals–separating policy from mechanisms …

Honeycomb: creating intrusion detection signatures using honeypots

C Kreibich, J Crowcroft - ACM SIGCOMM computer communication …, 2004 - dl.acm.org
This paper describes a system for automated generation of attack signatures for network
intrusion detection systems. Our system applies pattern-matching techniques and protocol …

Scriptgen: an automated script generation tool for honeyd

C Leita, K Mermoud, M Dacier - 21st Annual Computer Security …, 2005 - ieeexplore.ieee.org
Honeyd (N. Provos, 2004) is a popular tool developed by Niels Provos that offers a simple
way to emulate services offered by several machines on a single PC. It is a so called low …

Generic Application-Level Protocol Analyzer and its Language.

N Borisov, D Brumley, HJ Wang, J Dunagan, P Joshi… - NDSS, 2007 - researchgate.net
Application-level protocol analyzers are important components in tools such as intrusion
detection systems, firewalls, and network monitors. Currently, protocol analyzers are written …

An Architecture for Generating Semantic Aware Signatures.

V Yegneswaran, JT Giffin, P Barford, S Jha - USENIX security symposium, 2005 - usenix.org
Identifying new intrusions and developing effective signatures that detect them is essential
for protecting computer networks. We present Nemean, a system for automatic generation of …

Set-up and deployment of a high-interaction honeypot: experiment and lessons learned

V Nicomette, M Kaâniche, E Alata, M Herrb - Journal in computer virology, 2011 - Springer
This paper presents the lessons learned from an empirical analysis of attackers behaviours
based on the deployment on the Internet of a high-interaction honeypot for more than 1 year …

A real-time network intrusion detection system for large-scale attacks based on an incremental mining approach

MY Su, GJ Yu, CY Lin - Computers & security, 2009 - Elsevier
None of the previously proposed Network Intrusion Detection Systems (NIDSs), which are
subject to fuzzy association rules, can meet real-time requirements because they all apply …

Automated Response Using System-Call Delay

A Somayaji, S Forrest - 9th USENIX security symposium (USENIX …, 2000 - usenix.org
Automated intrusion response is an important unsolved problem in computer security. A
system called pH (for process homeostasis) is described which can successfully detect and …

STATL: An attack language for state-based intrusion detection

ST Eckmann, G Vigna… - Journal of computer …, 2002 - content.iospress.com
STATL is an extensible state/transition-based attack description language designed to
support intrusion detection. The language allows one to describe computer penetrations as …