Communications of the ACM
Intrusion detection
Know your enemy: revealing the security tools, tactics, and motives of the blackhat community
Know your enemy: revealing the security tools, tactics, and motives of the blackhat community
Honeypots: Tracking Hackers
Network Intrusion Detection: An Analyst's Handbook
Network Intrusion Detection: An Analyst's Handbook
AINAW '07 Proceedings of the 21st International Conference on Advanced Information Networking and Applications Workshops - Volume 01
A pointillist approach for comparing honeypots
DIMVA'05 Proceedings of the Second international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
The nepenthes platform: an efficient approach to collect malware
RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection
Information security strategies: towards an organizational multi-strategy perspective
Journal of Intelligent Manufacturing
| Hi-index | 0.00 |
A system with a high degree of availability and survivability can be created via service duplication on disparate server platforms, where a compromise via a previously unknown attack is detected by a voting mechanism. However, shutting down the compromised component will inform the attacker that the subversion attempt was unsuccessful, and might lead her to explore other avenues of attack. This paper presents a better solution by transforming the compromised component to a state of honeypot; removing it from duty, while providing the attacker with bogus data. This provides the administrator of the target system with extra time to implement adequate security measures while the attacker is busy "exploiting" the honeypot. As long as the majority of components remain uncompromised, the system continues to deliver service to legitimate users.