Date on Master's Thesis/Doctoral Dissertation

12-2004

Document Type

Master's Thesis

Degree Name

M.S.

Department

Computer Engineering and Computer Science

Committee Chair

Graham, James H.

Subject

Computer networks--Security measures

Abstract

This thesis proposes a network-based intrusion detection approach that uses anomaly detection and achieves low configuration and maintenance costs. A honeypot is an emerging security tool with several beneficial characteristics, one of which is that all traffic to it is anomalous. A dynamic honeypot reduces the configuration and maintenance costs of honeypot deployment. An anomaly-based intrusion detection system with low configuration and maintenance costs can be constructed by simply observing the egress and ingress traffic of a dynamic honeypot. This thesis explores the design and implementation of a dynamic honeypot using a variety of publicly available tools. The main contributions of the design are a database containing network-relevant information and a dynamic honeypot engine that generates honeypot configurations from that information. The thesis also explores a simple intrusion detection system built around the dynamic honeypot. These systems were experimentally implemented, and preliminary testing identified anomalous traffic, though in some cases it was not necessarily intrusive. In one instance the dynamic honeypot-based intrusion detection system identified an intrusion that was not detected by conventional means.
