Intrusion Detection Systems and Honeypots Research Papers
Identifying attackers is a major apprehension to both organizations and governments. Recently, the most used applications for prevention or detection of attacks are intrusion detection systems. Biometrics technology is simply the measurement and use of the unique characteristics of living humans to distinguish them from one another, and it is more useful compared to passwords and tokens, as those can be lost or stolen, so we have chosen the technique of biometric authentication. Biometric authentication provides the ability to require more instances of authentication in such a quick and easy manner that users are not bothered by the additional requirements. In this paper, we have given a brief introduction about biometrics. Then we have given information regarding the intrusion detection system, and finally we have proposed a method based on fingerprint recognition which would allow us to detect more efficiently any abuse of the computer system that is running.
Among various cyber threats, a DDoS attack is one of the major Internet threats that can affect anyone and even cause tremendous financial damage to organizations that use cloud-based services, while the mitigation of this threat can be highly difficult considering the complex infrastructure that it uses to perform its malicious activities. For that purpose it is important to think proactively rather than reactively when addressing the protection against this type of attack. An overview of botnets and some of the countermeasures against this threat are discussed in this paper.
Information security, in both the personal and institutional sense, has become a top priority in the digitalized modern world, in parallel with new technological developments. Many methods, tools and technologies are used to provide the information security of IT systems. These include encryption, authentication, firewalls, and intrusion detection and prevention systems. Moreover, honeypot systems are proposed as complementary structures. This paper presents an overall view of the publications on IDS, IPS and honeypot systems. Recently, honeypot systems are increasingly used in connection with intrusion detection systems. So this paper describes a possible implementation of honeypot technologies combined with IDS/IPS in a network. Studies in the literature have shown that intrusion detection systems cannot find 0-day vulnerabilities. The system provided by the honeypots and intrusion detection systems in the network might detect new exploits and hacker attempts.
Abstract: This document was written with the purpose of presenting the conceptual side of, the contents of, and the means of access to that enormous part hidden beneath the surface of the iceberg called "information" that exists on the Net. It establishes the difference between the terms "Deep Web" and "Dark Web" and the purpose for which this hidden entity was created. It also mentions some level-based compositions, which I consider to be a myth that completes the halo of mystery surrounding the Deep Web. It presents the currency in use on the Deep Web and its approximate real value. It covers the fields affected by this Deep Net and the commonly used software tools for accessing it, and emphasis is placed on the precautions that must be taken when accessing it.
Network forensics deals with the capture, recording and analysis of network events in order to discover evidential information about the source of security attacks in a court of law. This paper discusses the different tools and techniques available to conduct network forensics. Some of the tools discussed include: eMailTrackerPro – to identify the physical location of an email sender; Web Historian – to find the duration of each visit and the files uploaded and downloaded from the visited website; packet sniffers like Ethereal – to capture and analyze the data exchanged among the different computers in the network. The second half of the paper presents a survey of different IP traceback techniques like packet marking that help a forensic investigator to identify the true sources of the attacking IP packets. We also discuss the use of Honeypots and Honeynets that gather intelligence about the enemy and the tools and tactics of network intruders.
Health-related parameters and issues are of the utmost importance to man's existence and well-being. Various systems have been developed that are able to capture and monitor changes in health parameters. A real-time remote heart rate monitoring system is presented in this paper. This system uses an alert and an LCD display that are capable of monitoring the heart rate. A low-cost, efficient and flexible heart rate detection and alert system using a wireless module has been implemented in this paper. The sensors sense and measure the heart rate, and the detected signals are sent to the control unit for further processing. The controller displays the heart rate on the LCD, which is then passed to the alert system. If there is a large difference between the normal and measured heart rates, then an alert will be provided by the system. This system is continuous, real-time, safe and accurate in monitoring heart rates. In this system, a further application is attached as a preventive system, namely an AED (Automatic External Defibrillator). In case a low-level beat is detected, the defibrillator will give a shock to the external body of the patient. After the shock, a notification is sent to the corresponding doctor, and a voice alert is also spoken in the ICU unit if the patient is admitted to hospital.
With the increased dependence of organizations on technological solutions, cyber threats have become one of the major concerns for the very existence of businesses. Thus, the security measures to be implemented need to go beyond the simple presence of a firewall and anti-malware. In this work, an overview of two Intrusion Detection and Prevention Systems (IDPS) was performed. Namely, the architecture of the Snort and Suricata IDPS engines was discussed.
A honey-pot is a deception toolkit, designed to hook an attacker attempting to compromise the production systems of any institute or organization. If designed and deployed correctly, a honey-pot can function as an advanced surveillance tool as well as a threat intelligence collection mechanism. It can also be used to analyze the behavioral signature of the attackers trying to compromise a system and to provide useful insights into potential system loop-holes. This thesis work gives a new dimension to honey-pot methodologies, with new techniques to implement different types of honeypots that do not exist yet in the literature or in the product space. The unique contribution of this thesis includes the implementation of HoneySMB (a honeypot for the SMB protocol), HoneyWEB with an SQL-injection vulnerability, and HoneyDB (a honeypot for the mysql database). Coincidentally, the recent outbreak of the ransomware "WannaCry" was an exploitation of a bug in the Microsoft SMB version 1 implementation. In addition to the design, implementation and deployment of these new types of honey-pots, and the analysis of the collected threat intelligence, this thesis also includes our additional work on a new HoneyClient, a client honey-pot, and a way to break the Android sandboxing environment.
Intrusion detection has attracted considerable interest from researchers and industries. The community, after many years of research, still faces the problem of building reliable and efficient IDS that are capable of handling large quantities of data with changing patterns in real-time situations. The work presented in this manuscript classifies intrusion detection systems (IDS). Moreover, a taxonomy and survey of shallow and deep network intrusion detection systems is presented based on previous and current works. This taxonomy and survey reviews machine learning techniques and their performance in detecting anomalies. Feature selection, which influences the effectiveness of machine learning (ML) IDS, is discussed to explain the role of feature selection in the classification and training phase of ML IDS. Finally, a discussion of the false and true positive alarm rates is presented to help researchers model reliable and efficient machine learning based intrusion detection systems.
Honeypot usage, benefits and disadvantages of implementing a honeypot on your network.
An efficient Intrusion Detection System has to be given high priority while connecting systems to a network, to protect the system before an attack happens. It is a big challenge for the network security group to protect the system from the variable types of new attacks as technology grows in parallel. In this paper, an efficient model to detect intrusions is proposed to predict attacks with high accuracy and a lower false-negative rate by deriving custom features, UNSW-CF, from the benchmark intrusion dataset UNSW-NB15. To reduce the learning complexity, Custom Features are derived and then Significant Features are constructed by applying the meta-heuristic FPA (Flower Pollination Algorithm) and MRMR (Minimal Redundancy and Maximum Redundancy), which reduces learning time and also increases prediction accuracy. ENC (ElasticNet Classifier), KRRC (Kernel Ridge Regression Classifier) and IGBC (Improved Gradient Boosting Classifier) are employed to classify the attacks in the datasets UNSW-CF and UNSW, and it is recorded that UNSW-CF with derived custom features using IGBC integrated with FPA provided a high accuracy of 97.38% and a low error rate of 2.16%. Also, the sensitivity and specificity rates for IGB attain high rates of 97.32% and 97.50% respectively.
The International Journal of Computer Networks & Communications (IJCNC) is a bimonthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of Computer Networks & Communications. The journal focuses on all technical and practical aspects of Computer Networks & Data Communications. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on advanced networking concepts and to establish new collaborations in these areas.
Nowadays most of the accidents in the world are caused by drink driving, or driving under the influence of alcohol (DUI). It is proven that more than 70% of road accidents in India are due to drink driving. In this paper we propose an interlock system technology in vehicles that will prevent the driver from driving if the alcohol content is above the legal limit (0.03% per 100ml in India). This technology will automatically detect the blood alcohol concentration (BAC) by means of two techniques, a breath-based sensor and a touch-based sensor, and if it is above the legal limit will not allow car ignition. The breath-based system will measure the alcohol concentration in the blood through the driver's exhaled air. The touch-based sensor will read the alcohol level below the skin surface. If the driver chooses to switch off or tamper with the system, then the RFID tag will send information to the traffic control unit so that they can take further action to prevent him from causing harm while impaired.
This paper presents a comprehensive survey of some modern and most popular intrusion detection techniques. It is unrealistic to prevent security breaches completely using the existing security technologies. Detecting the presence of an intruder is very crucial for maintaining network security. It is found that most of the current intrusion detection systems (IDSs) are signature-based systems. Signature-based intrusion detection systems are based on matching a signature with the network details. Provided with the signatures or patterns, they can detect many or all known attack patterns, but they are of little use for as yet unknown attacks. The rate of false positives is close to nil, but these types of systems are poor at detecting new attacks, variations of known attacks, or attacks that can be masked as normal behavior. The other type of IDS, i.e. the Statistical Based Intrusion Detection System (SBIDS), can overcome many of the aforementioned limitations of signature-based intrusion detection systems. Statistical-based intrusion detection systems perform better than signature-based intrusion detection systems for novelty detection, i.e. the detection of new attacks, which is very important for an intrusion detection system. Researchers have implemented various classification algorithms for intrusion detection.
Honeypots are computers specifically deployed to be a resource that is expected to be attacked or compromised. While the attacker is distracted with the decoy computer system, we learn about the attacker and their methods of attack. From the information gained about the attacks we can then review and harden our security systems. Compared to an Intrusion Detection System (IDS), which may trigger false positives, we take the standpoint that nobody ought to be interacting with the decoy computer; therefore we regard all interactions to be of value and worth investigation. A sample of honeypots is evaluated and one is selected to collect attacks. The captured attacks reveal the source IP address of the attacker and the service port under attack. For attacks where the exploit attempts to deploy a binary, the code can be captured and automatically submitted for analysis to sandboxes such as VirusTotal.
A zero day attack is a form of cyber-attack that exploits the vulnerabilities of systems, protocols, software, computer ports and networks. When vulnerabilities are detected, the main target must be known. However, some attacks can be prone to unpatched vulnerabilities. These kinds of attacks are called zero day attacks because they are unknown attacks which are rarely predicted and classified because of the nature of their attack. Prediction and classification of zero day attacks in cyber warfare is an important concept in cyber space. It has been established that a series of zero day attacks occur daily due to the frequent use of the internet and its resources. Therefore, these problems have led to insecurity of resources which varies from internet fraud and scams to financial loss. In this study, an experiment was performed using a deep learning approach. Honeynet hardware was set up to collect zero day attacks. A bidirectional recurrent neural network algorithm was used for the analysis of the data set at different levels of granularity. The prime focus of the study is to predict the possibility of a zero day attack using parameter settings. The percentage accuracy of the developed model was 92%, as against the benchmark in the previous study of 63% accuracy.
Keywords: zero day attack, bidirectional recurrent neural network, honeypot.
Traditional software security patches often have the unfortunate side-effect of quickly alerting attackers that their attempts to exploit patched vulnerabilities have failed. Attackers greatly benefit from this information; it expedites their search for unpatched vulnerabilities, it allows them to reserve their ultimate attack payloads for successful attacks, and it increases attacker confidence in stolen secrets or expected sabotage resulting from attacks.
Honeypots are security defence tools. They are fake hosts designed to lure attackers away from real systems and capture malware threat analytics and attacker behaviour data for later analysis. The efficacy of a honeypot in attack mitigation and in collecting attack behaviour analysis lies in its ability to disguise itself as a real system. Attackers are often successful in identifying honeypots because of the limitations inherent to fake systems. Honeypots are a vital part of the defence against attacks on computer networks. Their ability to lure attackers away from real targets makes them a crucial security tool. However, attackers are coming up with new ways of identifying and taking over honeypots. In the never-ending race against novel attacks, honeypots and how we use them must also be further developed.
This project solves some of the inherent limitations of honeypots by designing, building and evaluating a novel honeypot deployment concept leveraging cloud technologies. This new concept, a small, substantial contribution in the field, shifts the approach of deploying honeypots into the cloud. It is a new development in how honeypots are used and deployed in the cloud, reducing the maintenance costs of honeypots in mitigating attacks by relying on resources that do not exist when the attack is started.
In section one of the project, the efficacy of common honeypots is researched, and gaps are identified in the literature to explore the state of the art of honeypot development and to pinpoint the issues with common honeypots, how attackers can identify them and the lack of research in leveraging the possibilities of the cloud in honeypot deployment. Section two breaks down the issues identified into honeypot believability, security, availability, automation and resource usage, setting the objectives to deploy honeypots in a resource-aware, timely and stealthy manner to resist identification by attackers by making honeypots indistinguishable from legitimate hosts. A novel, dynamic honeypot deployment concept is designed and implemented on a cloud platform in section three. Tests are set up and executed, and test results are captured in section four to prove the feasibility of the novel honeypot deployment design. Section five contains the analysis of the test results, and section six concludes the project. In section seven, further research opportunities of interest are discussed.
Internet technology today is not free from many problems and security gaps. These many security gaps are exploited by unauthorized people to steal important data. Attack cases occur because the attacked party is also not aware of the importance of applying network security to the systems they own. A honeypot combined with an IPS using PSAD and Fwsnort provides a solution to this problem. The IPS functions as a system that monitors network activity passing through the IPS system in inline mode and blocks suspicious IP addresses after the data stream is matched against existing signatures, while the honeypot works to discover attacker activity, and all activity directed at the honeypot is considered suspicious. The research results show that the capabilities of a honeypot combined with the PSAD and Fwsnort IPS can complement each other in detecting attacks unknown to the IPS system. This system also produces log data that can be used by administrators to respond to attacks that occur.
Information security is a vital aspect of any organization. Most organizations rely on and trust the Intrusion Detection System (IDS), which plays an important role in detecting intrusions in a data network environment. The design of an IDS varies with the implementation of the different IDS techniques involved. The design of IDS techniques keeps changing as the trend of innovative data network attack methods gets updated day by day. Hence no single perfect solution has been found for detecting intrusions in the data network. In general, IDS systems are complex and their design is an ongoing process. Different types of intrusion detection systems exist, and they share a common problem of rendering a high volume of alerts and an immense number of false positives. False positive alerts alter the space and time complexities of the IDS modules and gradually slow down the detection rate and performance of the system. This is the main motive behind the research of this paper. The objective of this research paper is to explore and suggest different techniques which help in building an optimal Intrusion Detection System of low cost and high-performing computational capability and adaptability to various network environments, with the results of false alert reduction, a high intrusion detection rate, risk management (both detecting and controlling intrusions), and finally identifying the real attacks among the other false alarms and events of the system. This paper navigates through different associated studies of the last decade, providing citations for further research in this domain. Various unresolved issues have also been covered in this manuscript.
Mobile devices suffer daily threats of various kinds, in particular in digital form, where users receive and install malware on their mobile devices via wireless networks without consent, leaving their information vulnerable to unauthorized persons. Aiming to learn more about targeted attacks on mobile devices, this paper presents a mechanism that emulates services and protocols within a mobile device with the Android OS. Our work is inspired by the idea of a Honeypot, and its use is to learn from the invader. Thus, we first propose a Framework for mobile devices for reuse purposes. Then, we use the Framework itself to propose a honeypot that emulates services such as telnet, http and SMS at the application level of the Android operating system.
This paper is a survey of the work done on making an IDS fault tolerant. An IDS architecture that uses mobile Agents provides higher scalability. The Mobile Agent uses a Platform for detecting Intrusions using a filter Agent, co-relater agent, Interpreter agent and ...
In this project we are about to deploy several honeypots on two Raspberry Pi devices in order to analyze attacks directed at the UGR network. We present here a brief summary of the results of the experiment. On the one hand, we have results from a Kippo honeypot related to brute force attacks from several IP addresses, most of them coming from Asia. In addition we show the results of a malware analysis of samples obtained from Kippo. On the other hand, we will obtain several results related to web attacks with another low/medium interaction honeypot, Glastopf. In this particular project, the main purpose is to identify and classify several samples of malware as well as to show the reader a general method to achieve this goal.
Intrusion Detection Systems (IDS) are an essential element of Network Security Infrastructure and play an important role in detecting a large number of attacks. An Intrusion Prevention System (IPS) is a tool that is used to prevent spyware from intruding into a system, and one of the techniques used in IPS is the Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA). In order to detect illegal access to the web by an intruder, IDS and IPS can be implemented with the use of a honeypot to track the IP address, location and country or region of the attacker in order to block the attacker from accessing the system. Different techniques have been adopted by different researchers using IDS, IPS and honeypots to protect their systems against illegal attacks. As discovered in the existing systems, CAPTCHA was not employed in IDS to detect spyware capable of breaking in and having access to the system. To increase and maintain the security of a Network, the combination of IDS with CAPTCHA, IPS and a dummy Honeypot can be employed. This work proposes a CAPTCHA-based Intrusion Detection Model with a redirector in order to identify the intelligent spyware that is capable of breaking CAPTCHA in IPS. It also uses a dummy honeypot with circular hyperlinks so as to lure the software that infiltrated the system in order to capture its IP address and other important information about the spyware, such as the country or region it is coming from, the web browser used, and the date and time of intrusion, so as to block and prevent illegal access by intruders. This paper focuses on capturing the intelligent spyware capable of breaking through the new CAPTCHA trap IDS so as to gather information about it, so that necessary action can be taken against it. A security model was designed having a CAPTCHA IDS with a redirector, an IPS and a honeypot capable of detecting intrusion by intelligent spyware. With this model the network will be more secure against intrusion by spyware.
The continuously emerging, operationally and managerially independent, geographically distributed computer networks deployable in an evolutionary manner have created greater challenges in securing them. Several research works and experiments have convinced security experts that Network Intrusion Detection Systems (NIDS) or Network Intrusion Prevention Systems (NIPS) alone are not capable of securing computer networks from internal and external threats completely. In this paper we present the design of an Intrusion Collaborative System which is a combination of NIDS, NIPS, Honeypots, and software tools like nmap, iptables etc. Our design is tested against existing attacks based on Snort Rules and several customized DDOS, remote and guest attacks. Dynamic rules are generated during every unusual behavior, which helps the Intrusion Collaborative System to continuously learn about new attacks. Also, a formal approach to deploy Live Intrusion Collaboration Systems based on the System of Systems concept is proposed.
Security threats for computer workstations and servers have been receiving full attention from both cyber security companies and researchers. Researchers and security companies employ honeypots as a platform to capture both an attacker’s profile as well as the behaviour of destructive programs (i.e., virus, malware, Trojan). However, little attention has been given to security monitoring for smart mobile devices, which includes smart phones and tablet PCs. Therefore, this paper proposes a conceptual framework for deploying honeypots in smart mobile devices. The proposed conceptual framework for mobile honeypots could run in two modes. In addition to conventional methods in capturing patterns of attacks, the conceptual framework has also considered incorporating user behavioral modelling for better understanding of specific user behavior for cyber security.
This paper is an investigation focusing on activities detected by SSH honeypots that utilised Kippo honeypot software. The honeypots were located across a variety of geographical locations and operational platforms. The honeynet has suffered prolonged, persistent attack from a /24 network which appears to be of Chinese geographical origin. In addition to these attacks, other attackers have been successful in compromising real hosts in a wide range of other countries that were subsequently involved in attacking the honeypot machines in the honeynet.
This paper outlines initial analysis from research in progress into ADSL-homed Nepenthes honeypots. One of the Nepenthes honeypots' prime objectives in this research was the collection of malware for analysis and dissection. A further objective is the analysis of risks that are circulating within ISP networks in Western Australia. What differentiates Nepenthes from many traditional honeypot designs is that it has been engineered from a distributed network philosophy. The program allows distribution of results across a network of sensors and subsequent aggregation of malware statistics readily within a large network environment.
This study aims at distinguishing honey based on botanical and geographical sources. Different floral honey samples were collected from diverse geographical locations of Saudi Arabia. UV spectroscopy in combination with chemometric analysis including Hierarchical Cluster Analysis (HCA), Principal Component Analysis (PCA), and Soft Independent Modeling of Class Analogy (SIMCA) were used to classify honey samples. HCA and PCA presented the initial clustering pattern to differentiate between botanical as well as geographical sources. The SIMCA model clearly separated the Ziziphus sp. and other monofloral honey samples based on different locations and botanical sources. The results successfully discriminated the honey samples of different botanical and geographical sources validating the segregation observed using few physicochemical parameters that are regularly used for discrimination.
Most network habitats keep facing an ever-increasing number of security threats. In early times, firewalls were used as the security checkpoint in the network environment. Recently the use of Intrusion Detection Systems (IDS) has greatly increased due to their more constructive and robust working than firewalls. An IDS refers to the process of constantly observing the incoming and outgoing traffic of a network in order to diagnose suspicious behavior. In real scenarios most environments are dynamic in nature, which leads to the problem of concept drift, which is concerned with learning from data whose statistical attributes change over time. Concept drift is harder still if the dataset is class-imbalanced. In this review paper, a study of IDS along with different approaches to incremental learning is carried out. From this study, a new approach is proposed by applying a voting rule to incremental learning. Further, a comparison between the existing Fuzzy rule method and the proposed approach is done.
Modern cyber security educational programs that emphasize technical skills often omit or struggle to effectively teach the increasingly important science of cyber deception. A strategy for effectively communicating deceptive technical skills by leveraging the new paradigm of honey-patching is discussed and evaluated. Honey-patches mislead attackers into believing that failed attacks against software systems were successful. This facilitates a new form of penetration testing and capture-the-flag style exercise in which students must uncover and outwit the deception in order to successfully bypass the defense. Experiences creating and running the first educational lab to employ this new technique are discussed, and educational outcomes are examined.
This paper is an investigation focusing on activities detected by three SSH honeypots that utilise Kippo honeypot software. The honeypots were located on the same /24 IPv4 network and configured as identically as possible. The honeypots used the same base software and hardware configurations. The data from the honeypots were collected during the period 17th July 2012 to 26th November 2013, a total of 497 active day periods. The analysis in this paper focuses on the techniques used by attacking entities to attempt to gain access to these systems. Although all three honeypots have the same configuration settings and are located on the same IPv4 /24 subnet workspace, there is a variation between the numbers of activities recorded on each honeypot. Automated password guessing using wordlists is one technique employed by cyber criminals in attempts to gain access to devices on the Internet. The research suggests there is wide use of automated password tools and wordlists in attempts to gain access to the SSH honeypots; there is also a wide range of account types being probed.
Today we went adventuring into the hills via the back of Ciheras market. The goal: to watch a demonstration of hunting for odeng bee nests. Accompanied by Wa Atang, we traversed hills and valleys. While resting briefly, Wa Atang prepared two torches from dried coconut leaves. The torches would later be lit; their smoke serves to drive away the bees. Upon arriving at the location, we took off our sandals and immediately climbed a slope with a 75-degree incline. Both hands were busy searching for roots and tree trunks as handholds, while our feet were busy searching for footing. Because the ground was already covered in dry leaves, finding firm footing required care. Wa Atang then began climbing the tree that held the bee nest, and sat at its fork. Ten metres above him was a still-young odeng bee nest, about 1 m long and 50 cm wide. The nest was roughly 20 m or more from the base of the tree. After lighting the torch and praying, Wa Atang, who is a bee 'pawang' (handler), then began to climb while carrying the torch, a knife, and plastic. Once at the top, the smoke from the torch was directed at the bee nest. The odeng bees scattered, leaving the nest, flying here and there, including swarming around us as we waited below. But we remained safe because of the smoke from the torch.
This paper is a survey of the work done for making an IDS fault tolerant. An architecture of IDS that uses mobile agents provides higher scalability. The mobile agent uses a platform for detecting intrusions using a filter agent, a correlator agent, an interpreter agent and a rule database. When the server (IDS Monitor) goes down, other hosts take ownership based on priority. This architecture uses decentralized collection and analysis for identifying intrusion. Rule sets are fed based on user behaviour or application behaviour. This paper suggests that an intrusion detection system (IDS) must be fault tolerant; otherwise, the intruder may first subvert the IDS and then attack the target system at will.
The national energy system is the most critical of the critical infrastructures, and one which has become surprisingly vulnerable to cyberattacks in the last couple of years. Both unexpected technical design flaws and targeted attacks carried out by state-sponsored actors have raised challenges for the operators of essential services. Although this infrastructure is the subject of many regulations, and national security agencies pay special attention to such critical information infrastructures, gathering cyber threat intelligence is not straightforward for several reasons. First, special protocols in industrial control systems and operational technology (ICS/OT) systems are difficult to monitor. Second, information sharing does not really work, neither between states nor domestically. Third, due to the lack of thorough technical recommendations, there is no common understanding between responsible authorities and critical information infrastructure operators. In Hungary, key stakeholders of the national electricity system have realized that although some local and European legislation deals with the question of the cybersecurity of critical information infrastructure, many open questions remain in practice, both from policy and technology perspectives. In 2018, Hungarian manufacturers, energy service providers and responsible authorities started a discussion on what should be improved in legislation and technology, as well as in information sharing and how. This paper aims to describe the framework of this collaboration for information sharing and the initial results. Specifically, we present the current technical capabilities for gathering cyber threat intelligence in ICS/OT systems and propose some legislative actions that could support further technical solutions that are feasible in these special systems. We also present Tactics, Techniques, and Procedures (TTPs) and the goals of threat actors in energy systems that can be seen from the current data sets of our honeypots.
Network forensics deals with the capture, recording and analysis of network events in order to discover evidential information about the source of security attacks in a court of law. This paper discusses the different tools and techniques available to conduct network forensics. Some of the tools discussed include: eMailTrackerPro – to identify the physical location of an email sender; Web Historian – to find the duration of each visit and the files uploaded and downloaded from the visited website; packet sniffers like Ethereal – to capture and analyze the data exchanged among the different computers in the network. The second half of the paper presents a survey of different IP traceback techniques like packet marking that help a forensic investigator to identify the true sources of the attacking IP packets. We also discuss the use of Honeypots and Honeynets that gather intelligence about the enemy and the tools and tactics of network intruders.
There are various tools available on the Internet which can help in determining the operating system of a host by examining details in the way the TCP/IP stack was implemented within that operating system. This method is called TCP/IP fingerprinting, which has proven to be a reasonably reliable method of determining a victim host's operating system. This paper will examine the efficiency and performance of a new network defence tool called honeyd, which is a deceptive virtual honeypot system that uses deceptive OS fingerprinting.
Today's Internet and enterprise networks are so popular because they can easily provide multimedia and e-commerce services to millions of users over the Internet in our daily lives. Since then, security has been a challenging problem in the Internet's world. That issue is called Cyberwar, in which attackers can aim or raise Distributed Denial of Service (DDoS) against others to take down the operation of enterprise Intranets. Therefore, the need to apply an Intrusion Detection System (IDS) is very important to enterprise networks. In this paper, we propose a smarter solution to detect network anomalies in Cyberwar using Stacking techniques in which we apply three popular machine learning models: the k-nearest neighbor algorithm (KNN), Adaptive Boosting (AdaBoost), and Random Decision Forests (RandomForest). Our proposed scheme uses the Logistic Regression method to automatically search for better parameters for the Stacking model. We do the performance evaluation of our proposed scheme on the latest NSL-KDD 2019 dataset. We also compare the achieved results with individual machine learning models to show that our proposed model achieves much higher accuracy than previous works.
Smartphones, as popularly used mobile devices, are vulnerable to malware and phishing attacks. The cellular network itself cannot prevent an attacker from interacting with a target smartphone. Mobile operators are required to provide services and measures to detect and reduce attacks against service users. Previous-generation honeypots have proven capable of serving as tools that can be used to block attacks. However, the limited utilities they possess prevent honeypots from having adequate coverage. Cellpots are offered as a solution: a next-generation honeypot for cellular services with a concept of threat detection and defence. Cellpots, as a component, are placed in small-cell BTSs fully controlled by the mobile operator. This next-generation honeypot is expected to provide a cost-effective solution and to be able to reduce and detect threats to smartphone users on cellular networks.
As of today, we are relying more and more on Internet or network computer access, and a growing problem of intrusion into computer systems by unauthorized users has been observed. An intrusion is unauthorized access or attempted access into, or unauthorized activity in, a computer or information system. Intrusion detection technologies are therefore becoming extremely important to improve the overall security of computer systems. Intrusion detection is the process of identifying that an intrusion has been attempted, is occurring or has occurred. In this paper, we are focusing on an Intrusion Detection System based on a genetic algorithm (GA).
Social Networking Sites, in the present scenario, are an amalgam of knowledge and spam. As their popularity surges among users day by day, so does it among spammers looking for easy targets for their campaigns. The threat due to spam, causing atrocious harm to bandwidth, overloading servers, spreading malicious pages online et cetera, has increased manifold, making it necessary for researchers to foray into this field of spam detection and reduce its effect on the various social networking sites. In this paper, we propose a framework for spam detection in the two largest social networking sites, namely Twitter and Facebook. We'll be utilizing the data publicly available on these two giants of the social networking era. Initially, we'll be citing the various approaches that have already been explored in this field. After that we'll briefly explain the two methods that we used to collect the datasets from these websites.
Today's Internet technology is not free of many problems or security holes. These many security holes are exploited by unauthorised people to steal important data. Attack cases occur because the attacked party also does not realise the importance of applying network security to the systems it owns. A Honeypot combined with an IPS using PSAD and Fwsnort provides a solution to this problem. The IPS functions as a system that monitors network activity passing through the IPS system in inline mode and blocks suspicious IP addresses after the data stream is matched against existing signatures, while the Honeypot works to learn the attacker's activity, and all activity directed at the honeypot is considered suspicious. The research results show that the capabilities of a Honeypot combined with the PSAD and Fwsnort IPS can complement each other in detecting attacks not known to the IPS system. This system also produces log data...