Deliberative multi-agent system for data collection and analysis in Honeynets
Keywords:
Honeynet, IDS, deliberative agents, multiagent system
Abstract
This paper presents the proposal and implementation of a deliberative multi-agent system that extracts the different events captured within a Honeynet, analyzes and processes them, and uses them within a case-based reasoning model. The overall design of the multi-agent platform, the responsibility of each of its components, its implementation and the results obtained are presented.