- Title
- Amber : a zero-interaction honeypot with distributed intelligence
- Creator
- Schoeman, Adam
- Subject
- Security systems -- Security measures
- Subject
- Computer viruses
- Subject
- Intrusion detection systems (Computer security)
- Subject
- Computer security
- Date
- 2015
- Type
- Thesis
- Type
- Masters
- Type
- MSc
- Identifier
- vital:4716
- Identifier
- http://hdl.handle.net/10962/d1017938
- Description
- For the greater part, security controls are based on the principle of Decision through Detection (DtD). The exception to this is a honeypot, which analyses interactions between a third party and itself, while occupying a piece of unused information space. As honeypots are not located on productive information resources, any interaction with them can be assumed to be non-productive. This allows the honeypot to make decisions based simply on the presence of data, rather than on the behaviour of the data. But due to limited resources in human capital, honeypots’ uptake in the South African market has been underwhelming. Amber attempts to change this by offering a zero-interaction security system, which will use the honeypot approach of Decision through Presence (DtP) to generate a blacklist of third parties, which can be passed on to a network enforcer. Empirical testing has proved the usefulness of this alternative and low-cost approach in defending networks. The functionality of the system was also extended by installing nodes in different geographical locations, and streaming their detections into the central Amber hive.
- Format
- 118 leaves, pdf
- Publisher
- Rhodes University, Faculty of Science, Computer Science
- Language
- English
- Rights
- Schoeman, Adam