Abstract/Details

Evaluating the effectiveness of an intrusion prevention/honeypot hybrid


2009


Abstract (summary)

An intrusion prevention system is a variation of an intrusion detection system that drops packets judged anomalous according to a chosen criterion. An intrusion prevention system is typically placed on the outer perimeter of a network to keep intruders from reaching vulnerable machines inside it, though it can also be placed inside the network in front of systems that require extra protection. Unfortunately, intrusion prevention systems, even when properly configured, are susceptible to both false positives and false negatives. The risk of false positives, which block legitimate traffic, typically leads organizations to deploy these systems with the prevention capability disabled and to focus only on detection.

In this paper I propose an expansion to current intrusion prevention systems that combines them with the principles behind honeypots to reduce false positives while capturing attack traffic to improve prevention rules. In an experiment using the Snort-inline intrusion prevention system, I was able to reduce the rate of false positives to zero without negatively impacting the rate of false negatives. I was further able to capture a successful attack in a way that minimized disruption to legitimate users but allowed the compromised system to be later analyzed to find weaknesses, improve prevention rules, and prevent future attacks.
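The abstract describes the trade-off in words only. The following is an added example, not code from the thesis or from Snort-inline, that makes the trade-off concrete: a toy Snort-style rule engine replays constructed HTTP flows with known ground truth under three enforcement policies (detect only, drop, or redirect the matched flow to a honeypot clone) and tallies what each policy does to attacks and to legitimate users. The reduced rule grammar, the `redirect` policy and its bookkeeping, and the sample flows and rules are all assumptions made for illustration; they are not the thesis's mechanism or its data.

```python
"""Added example (not from the thesis): toy Snort-style rule engine that
compares enforcement policies over constructed traffic with known labels."""
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Flow:
    src: str
    dport: int
    payload: str
    malicious: bool  # ground truth, used only by the evaluator, never by the sensor


@dataclass(frozen=True)
class Rule:
    action: str          # "alert" or "drop", as written in the rule file
    dport: Optional[int]  # None means "any"
    content: str         # literal substring, a stand-in for Snort's content: option
    msg: str


# Assumption: a reduced subset of Snort rule syntax (tcp only, any/any -> any/<port>,
# only the content: and msg: options). Real Snort rules are far richer than this.
RULE_RE = re.compile(
    r"^(?P<action>alert|drop)\s+tcp\s+any\s+any\s+->\s+any\s+(?P<dport>\d+|any)\s+"
    r"\((?P<opts>.*)\)\s*$"
)


def parse_rule(line: str) -> Rule:
    m = RULE_RE.match(line.strip())
    if m is None:
        raise ValueError(f"unparseable rule: {line!r}")
    opts = {}
    for opt in m["opts"].split(";"):
        if opt.strip():
            key, _, value = opt.strip().partition(":")
            opts[key.strip()] = value.strip().strip('"')
    dport = None if m["dport"] == "any" else int(m["dport"])
    return Rule(m["action"], dport, opts["content"], opts.get("msg", ""))


def first_match(rules: List[Rule], flow: Flow) -> Optional[Rule]:
    """Return the first rule whose port and content constraints the flow satisfies."""
    for rule in rules:
        if (rule.dport is None or rule.dport == flow.dport) and rule.content in flow.payload:
            return rule
    return None


POLICIES = ("alert", "drop", "redirect")


def evaluate(rules: List[Rule], flows: List[Flow], policy: str) -> dict:
    """Replay flows through the sensor under one enforcement policy.

    alert    -> matched flows are logged but still reach production (IDS mode)
    drop     -> matched flows are discarded (classic IPS)
    redirect -> matched flows are served by a honeypot clone instead (hybrid,
                hypothetical policy added for this example)
    The rule set is identical across policies, so which flows match, and hence
    the false-negative count, cannot change; only the consequence of a match does.
    """
    if policy not in POLICIES:
        raise ValueError(f"unknown policy {policy!r}")
    tally = dict(reached_production=0, missed_attacks=0, benign_disrupted=0,
                 benign_on_clone=0, attacks_captured=0, attacks_dropped=0)
    for flow in flows:
        rule = first_match(rules, flow)
        if rule is None or rule.action == "alert" or policy == "alert":
            tally["reached_production"] += 1
            if flow.malicious:
                tally["missed_attacks"] += 1          # false negative, or detect-only mode
        elif policy == "drop":
            if flow.malicious:
                tally["attacks_dropped"] += 1
            else:
                tally["benign_disrupted"] += 1        # false positive seen by a real user
        else:  # redirect
            if flow.malicious:
                tally["attacks_captured"] += 1        # full session recorded on the clone
            else:
                tally["benign_on_clone"] += 1         # false positive, but the user is still served
    return tally


def compare(rules: List[Rule], flows: List[Flow]) -> dict:
    return {policy: evaluate(rules, flows, policy) for policy in POLICIES}


# Constructed rules and flows (assumption, not data from the thesis).
RULES = [parse_rule(r) for r in (
    'drop tcp any any -> any 80 (content:"/etc/passwd"; msg:"path traversal to /etc/passwd";)',
    'drop tcp any any -> any 80 (content:"<script>"; msg:"reflected XSS probe";)',
)]
FLOWS = [
    Flow("10.0.0.5", 80, "GET /index.html HTTP/1.1", malicious=False),
    Flow("10.0.0.7", 80, "GET /cgi-bin/view?f=../../../etc/passwd HTTP/1.1", malicious=True),
    Flow("10.0.0.9", 80, "GET /docs/etc/passwd-file-format.html HTTP/1.1", malicious=False),
    Flow("10.0.0.11", 80, "POST /login HTTP/1.1\r\n\r\nuser=admin'+OR+1%3D1--", malicious=True),
    Flow("10.0.0.13", 80, "GET /search?q=<script>alert(1)</script> HTTP/1.1", malicious=True),
    Flow("10.0.0.15", 22, "SSH-2.0-OpenSSH_5.3", malicious=False),
]

if __name__ == "__main__":
    for policy, tally in compare(RULES, FLOWS).items():
        print(f"{policy:8s} {tally}")
```

Two things the numbers show that the abstract only asserts. First, the rule set is the same under every policy, so the unmatched SQL injection is a false negative under all three; a redirect policy can never worsen false negatives because it changes what happens after a match, not the match itself. Second, the benign documentation request that happens to contain `/etc/passwd` is a false positive under all three policies too; what changes is whether a real user notices it (dropped) or is served by the clone (redirected). That "served by the clone" outcome is only harmless for requests the clone can answer equivalently; a write that lands on a honeypot copy instead of production is still a disruption, which is why the abstract says disruption was minimized rather than eliminated.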

Indexing (details)


Subject
Computer science
Classification
0984: Computer science
Identifier / keyword
Applied sciences; Honeynets; Honeypots; Intrusion prevention; Virtualization
Title
Evaluating the effectiveness of an intrusion prevention/honeypot hybrid
Author
Tamagna-Darr, Lucas
Number of pages
34
Publication year
2009
Degree date
2009
School code
0465
Source
MAI 48/02M, Masters Abstracts International
Place of publication
Ann Arbor
Country of publication
United States
ISBN
9781109408737
Advisor
Pan, Yin
Committee member
Border, Charles; Yuan, Bo
University/institution
Rochester Institute of Technology
Department
Computer Security and Information Assurance
University location
United States -- New York
Degree
M.S.
Source type
Dissertations & Theses
Language
English
Document type
Dissertation/Thesis
Dissertation/thesis number
1469750
ProQuest document ID
305074812
Copyright
Database copyright ProQuest LLC; ProQuest does not claim copyright in the individual underlying works.
Document URL
http://search.proquest.com/docview/305074812