Enhancing IDS - Honeypot Systems

Rainys, D. and Bielko, A. and Cenys, A. (2003) Enhancing IDS - Honeypot Systems. In: Proceedings of the Fourth Conference on Informatics and Information Technology. Institute of Informatics, Faculty of Natural Sciences and Mathematics, Ss. Cyril and Methodius University in Skopje, Macedonia, Skopje, Macedonia, pp. 26-34. ISBN 9989-668-45-0


Official URL: http://ciit.finki.ukim.mk


In this paper we present statistical results recorded by the honeypot system deployed at the Vilnius Academy of Sciences library's computer network. The system operated for two months in the network's DMZ (demilitarized zone) so that it could detect both local area users and intruders from outside. More than 30 attempts to compromise the system were recorded daily. Most of the attempts were scans and probes by automated script-kiddies from geographically close countries. However, more serious and remote attacks were recorded as well. In the paper we also discuss the advantages and risks related to honeypot technology. The biggest advantage of honeypot systems compared with usual intrusion detection systems (IDS) is the absence of false positives, which makes interpretation of the obtained data comparatively easy: any activity from or to the honeypot is suspicious or an attempt to compromise the system.

Item Type: Book Section
Uncontrolled Keywords: honeypot, intrusion detection systems
Subjects: International Conference on Informatics and Information Technologies > Computer Science
International Conference on Informatics and Information Technologies > Information Technology
Depositing User: Vangel Ajanovski
Date Deposited: 28 Oct 2016 00:15
Last Modified: 28 Oct 2016 00:15
URI: http://eprints.finki.ukim.mk/id/eprint/11066
