
HonIDS: enhancing honeypot system with intrusion detection models

4 Author(s)
Yong Tang ; Sch. of Comput. Sci., National Univ. of Defense Technol., Hunan ; Huaping Hu ; Xicheng Lu ; Jie Wang

Honeypots are highly valued for their detective function. However, suitable detection models for use in honeypot systems have not been fully explored. We present HonIDS, a honeypot system for detecting malicious hosts and intruders in a local network. HonIDS is characterized by its layered structure and is enhanced by two detection models: the TFRPP (times, frequency, range, port risk, average payload length) model and the Bayes model. The basic idea of these models is that although it is hard to directly judge whether one interaction with the honeypots is an attack or malicious activity, it is possible to identify intruders by analyzing the plentiful and global events of honeypots in a given period of time. The TFRPP model gives the honeypot system the ability to assess different risks by assigning dubiety scores to the hosts that visited honeypots. The Bayes detection model can detect some main types of attacks by classification. The results of our evaluation experiments indicate that the TFRPP model and the Bayes model are effective and suitable for honeypot systems.

Published in:

Information Assurance, 2006. IWIA 2006. Fourth IEEE International Workshop on

Date of Conference:

13-14 April 2006