Various tools and methods have been developed to secure information systems against hackers. This work proposes a new security architecture for information systems (IS) that combines Honeyd and its plugin Honeycomb with an intrusion detection system based on mobile agents and the data mining algorithm Clust-density. The principal goal is to detect intrusions flowing through the network. We also show that by using this architecture we obtained a higher level of security, and that we can study the behavior of attackers and their techniques in order to evaluate the system in which it is implemented, by simulating a vulnerable machine and/or network.
Affiliation: Systems Engineering Laboratory, Data Analysis and Security Team, National School of Applied Sciences, University Ibn Tofail, Kénitra, Morocco
Emails:
chaimaesaadi900@gmail.com *
mejhed90@gmail.com **
Chaimae Saadi, Habiba Chaoui, "Security by IDS-AM-Clust, honeyd and honeycomb," International Journal of Engineering Works, Vol. 2, Issue 9, PP. 84-92, Sept. 2015.