Deliberative multi-agent system for data collection and analysis in Honeynets
Keywords:
Honeynet, IDS, deliberative agents, multi-agent system
Abstract
This article presents the proposal and implementation of a deliberative multi-agent system that extracts the different events captured within a HoneyNet, then analyzes and processes them and uses them within a case-based reasoning model. It presents the general design of the multi-agent platform, the responsibility of each of its components, its execution and the results obtained.