- Title
- Real-time distributed malicious traffic monitoring for honeypots and network telescopes
- Creator
- Hunter, Samuel O, Irwin, Barry V W, Stalmans, Etienne
- Subject
- To be catalogued
- Date
- 2013
- Type
- text
- Type
- article
- Identifier
- http://hdl.handle.net/10962/429660
- Identifier
- vital:72630
- Identifier
- 10.1109/ISSA.2013.6641050
- Description
- Network telescopes and honeypots have been used with great success to record malicious network traffic for analysis, however, this is often done off-line well after the traffic was observed. This has left us with only a cursory understanding of malicious hosts and no knowledge of the software they run, uptime or other malicious activity they may have participated in. This work covers a messaging framework (rDSN) that was developed to allow for the real-time analysis of malicious traffic. This data was captured from multiple, distributed honeypots and network telescopes. Data was collected over a period of two months from these data sensors. Using this data new techniques for malicious host analysis and re-identification in dynamic IP address space were explored. An Automated Reconnaissance (AR) Framework was developed to aid the process of data collection, this framework was responsible for gathering information from malicious hosts through both passive and active fingerprinting techniques. From the analysis of this data; correlations between malicious hosts were identified based on characteristics such as Operating System, targeted service, location and services running on the malicious hosts. An initial investigation in Latency Based Multilateration (LBM), a novel technique to assist in host re-identification was tested and proved successful as a supporting metric for host re-identification.
- Format
- 9 pages, pdf
- Language
- English
- Relation
- Information Security for South Africa, Hunter, S.O., Irwin, B. and Stalmans, E., 2013, August. Real-time distributed malicious traffic monitoring for honeypots and network telescopes. In 2013 Information Security for South Africa (pp. 1-9). IEEE, Information Security for South Africa volume 2013 number 1 1 9 2013 2330-9881
- Rights
- Publisher
- Rights
- Use of this resource is governed by the terms and conditions of the IEEE Xplore Terms of Use Statement (https://ieeexplore.ieee.org/Xplorehelp/overview-of-ieee-xplore/terms-of-use)
- Hits: 159
- Visitors: 160
- Downloads: 5
Thumbnail | File | Description | Size | Format | |||
---|---|---|---|---|---|---|---|
View Details | SOURCE1 | Real-time distributed malicious traffic monitoring for honeypots and network telescopes.pdf | 664 KB | Adobe Acrobat PDF | View Details |