Please use this identifier to cite or link to this item:
|Title:||A method to obtain signatures from honeypots data||Authors:||Chi, C.-H.
|Issue Date:||2004||Citation:||Chi, C.-H.,Li, M.,Liu, D. (2004). A method to obtain signatures from honeypots data. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) 3222 : 435-442. ScholarBank@NUS Repository.||Abstract:||Building intrusion detection model in an automatic and online way is worth discussing for timely detecting new attacks. This paper gives a scheme to automatically construct snort rules based on data captured by honeypots on line. Since traffic data to honeypots represent abnormal activities, activity patterns extracted from those data can be used as attack signatures. Packets captured by honeypots are unwelcome, but it appears unnecessary to translate each of them into a signature to use entire payload as activity pattern. In this paper, we present a way based on system specifications of honeypots. It can reflect seriousness level of captured packets. Relying on discussed system specifications, only critical packets are chosen to generate signatures and discriminating values are extracted from packet payload as activity patterns. After formalizing packet structure and syntax of snort rule, we design an algorithm to generate snort rules immediately once it meets critical packets. © IFIP International Federation for Information Processing 2004.||Source Title:||Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)||URI:||http://scholarbank.nus.edu.sg/handle/10635/38937||ISSN:||03029743|
|Appears in Collections:||Staff Publications|
Show full item record
Files in This Item:
There are no files associated with this item.
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.