Escolar Documentos
Profissional Documentos
Cultura Documentos
It is well-known that honey pots are not a defense in their 4.4 PROJECT DESIGN/TIMELINE
own right, but are an invaluable method of deception that
often buy security officers and system administrators In order to do this research, the IDS and honey pot
valuable time to devise an effective response. There is software must be procured. This will be done legally and
much room for improvement, and as the attackers gain the numbers involved in this are included in the budget
more tools to render honey pots inoperable, the defenders proposed below in section 4.7. A clean host system and
need to improve them constantly or else they will actually virtual network must also be obtained, which can easily
become a weak spot in the defense.[5] be done from the Computer Sciences Department at
Villanova University. Knowledge of how to successfully
execute each attack outlined in the proposal must be
4 PROPOSED WORK gained, so there will be quite a bit of research and practice
necessary.
4.1 INTRODUCTION
We will begin the proposed work by doing research into
We propose to examine the currently available IDS and the execution of attacks on a system, as well as how to
honey pot systems to determine their unique behaviors correctly configure each IDS and honey pot configuration
and limitations. The goal of this research is to improve to ensure the greatest protection possible for each
existing IDS and honey pots to better detect and deceive combination. Following this research period (most likely
attackers in real time. The objective of this is to examine two weeks), the system will be set up, consisting of one
physical computer hosting a network of virtual physical
systems as well as virtual virtual systems. In order to
attack this virtual network, we feel that a separate system
should be used to launch the various attacks, or else the 4.7 PROPOSED PROJECT BUDGET
analysis could get too confusing with all the data coming
and going to the same host computer. The proposed budget for this project is roughly $6,000.
This can be broken down into $199 for the Specter
We feel an adequate amount of time to set up each Research package of the Specter IDS (which already has a
combination of IDS and honey pot and then execute the honey pot system integrated into it. We may add one test
various attacks would be three days per IDS/honey pot to the research, but will disregard the built-in honey pot
combination. After the attacks are completed, the and use Specter in combination with the honey pots
robustness must be examined for each combination. We chosen). The other two popular IDSs are open source,
feel one week is sufficient to accurately determine the and therefore free. The honey pots are all available for
order of robustness for the set of combinations. In this timed trials, so they are free for enough time to do the
manner, it will take about five weeks to do the first phase testing. The only other thing requiring financing would
of the research in totality, plus the two-week front-end for be the publishing of the resulting paper, which we allotted
research and setup. $100 for. Unforeseen expenses have been allowed for,
with $300 going towards those. The remaining portion of
Phase two will take a good amount of time due to the the budget (roughly $5,400) will be used to pay the
sheer volume of data that would need to be examined. primary researcher and one assistant (assuming they each
We feel that one week per IDS/honey pot combination work 15 hours per week, at $10 and $8 per hour,
would be enough time to analyze the data streams. On respectively). By using borrowed equipment and free
this time schedule, phase two would be completed in nine trials, this research is fairly cost-effective.
weeks.
5 CONCLUSION
At the end of the second phase of research, the data would
need to be documented, edited, formatted, and approved By examining two types of both network attacks and
by colleagues and superiors. This would add another network defenses, one can begin to approach the topic of
week or two to the back-end of the research. To account network security in a general sense. The deployment of
for unforeseen circumstances, we will add two buffer honey pots is both a basic and effective method of
weeks to the timeline. In total, this project should take deception and systems mitigation. In order to move
about 20 weeks, or 5 months, to complete. network security forward as a field, honey pots must be
improved upon, as well as used in various ways. In the
4.5 ANTICIPATED RESULTS AND event of an attack, a honey pot system should be dynamic
DISSEMINATION METHODS enough to keep an attacker online and interested in the
system itself, but at the same time should be safe enough
and have the capabilities to ensure the attacker can be
The anticipated results of this project would be in the identified. The cat-and-mouse nature of network security
form of a publishable manuscript of the research findings ensures that it will continue to evolve as a field, and will
as well as a conference paper to be submitted to the become a much more specialized field as it does evolve.
National Information Systems Security Conference.
These results will point out the behavior of the different
combinations of IDS and honey pot systems, as well as REFERENCES
their unique shortcomings and limitations. This research
would hopefully spur improvements on the IDSs and 1. D. Wagner, P. Soto, Mimicry attacks on host-based
honey pots examined. intrusion detection systems, Proceedings of the 9th ACM
conference on Computer and communications security,
Washington, DC, USA, November 18 - 22, 2002, pp.
4.6 PERSONAL STATEMENT 255264