Large Scale Activity Monitoring for distributed honeynets

Jerome Francois 1 Radu State 1 Olivier Festor 1
1 MADYNES - Management of dynamic networks and services
INRIA Lorraine, LORIA - Laboratoire Lorrain de Recherche en Informatique et ses Applications
Abstract : This paper proposes a new distributed monitoring approach based on the notion of centrality of a graph and its evolution in time. We consider an activity profiling method for a distributed monitoring platform and illustrate its usage in two different target deployments. The first one concerns the monitoring of a distributed honeynet, whilst the second deployment target is the monitoring of a large network telecope. The central concept underlying our work are the intersection graphs and a centrality based locality statistics. These graphs have not been used widely in the field of network security. The advantage of this method is that analyzing aggregated activity data is possible by considering the curve of the maximum locality statistics and that important change point moments are well identified.
Keywords : network telescope honeypot activity monitoring
Type de document :
Communication dans un congrès
IEEE.IARIA. The Second International Conference on Internet Monitoring and Protection - ICIMP 2007, 2007, San Jose, United States. IEEE/IARIA, 2007, 〈10.1109/ICIMP.2007.24〉
Liste complète des métadonnées

Littérature citée [10 références]  Voir  Masquer  Télécharger
https://hal.inria.fr/inria-00172053
Contributeur : Radu State <>
Soumis le : jeudi 13 septembre 2007 - 23:27:58
Dernière modification le : jeudi 11 janvier 2018 - 06:19:50
Document(s) archivé(s) le : lundi 24 septembre 2012 - 12:25:23

Fichier

im2007.pdf
Fichiers produits par l'(les) auteur(s)

Identifiants

Collections

INRIA | LORIA | UNIV-LORRAINE

Citation

Jerome Francois, Radu State, Olivier Festor. Large Scale Activity Monitoring for distributed honeynets. IEEE.IARIA. The Second International Conference on Internet Monitoring and Protection - ICIMP 2007, 2007, San Jose, United States. IEEE/IARIA, 2007, 〈10.1109/ICIMP.2007.24〉. 〈inria-00172053〉

Exporter

BibTeX TEI DC DCterms EndNote

Partager

Métriques

Consultations de la notice

186

Téléchargements de fichiers

109

Contact


archive-ouverte@inria.fr