Abstract
In recent years, the number and the sophistication of cyber attacks have increased significantly. This creates a plethora of challenges from a security perspective. First, for the efficient monitoring of a network, the generated alerts need to be presented and summarized in a meaningful manner. Second, additional analytics are required to identify sophisticated and correlated attacks. In particular, the detection of correlated attacks requires collaboration between different monitoring points. Cyber incident monitors are platforms that support the tasks of network administrators and provide an initial step towards coping with the aforementioned challenges. In this paper, we present our cyber incident monitor TraCINg. TraCINg obtains alert data from honeypot sensors distributed all over the world. The main contribution of this paper is a thorough discussion of the lessons learned, both from a design rationale perspective and from the analysis of data gathered during a five-month deployment period. Furthermore, we show that even with a relatively small number of deployed sensors, it is possible to detect correlated attacks that target multiple sensors.
Original language | English |
---|---|
Title of host publication | Proceedings of the 8th International Conference on Security of Information and Networks, SIN 2015 |
Editors | Oleg Makarevich, Mehmet Orgun, Atilla Elci, Manoj Singh Gaur, Ronald Poet, Ludmila Babenko, Maxim Anikeev |
Publisher | Association for Computing Machinery |
Publication date | 8 Sept 2015 |
ISBN (Electronic) | 9781450334532 |
DOIs | |
Publication status | Published - 8 Sept 2015 |
Externally published | Yes |
Event | 8th International Conference on Security of Information and Networks, SIN 2015 - Sochi, Russian Federation |
Duration | 8 Sept 2015 → 10 Sept 2015 |
Conference
Conference | 8th International Conference on Security of Information and Networks, SIN 2015 |
---|---|
Country/Territory | Russian Federation |
City | Sochi |
Period | 08/09/2015 → 10/09/2015 |
Sponsor | Echelon Information Security |
Series | ACM International Conference Proceeding Series |
---|---|
Volume | 08-10-Sep-2015 |
Bibliographical note
Publisher Copyright: © 2015 ACM.
Keywords
- Alert Correlation
- Cyber Security
- Honeypot
- Incident Monitor