Skip to Main content Skip to Navigation
Conference papers

Large Scale Activity Monitoring for distributed honeynets

Jerome Francois 1 Radu State 1 Olivier Festor 1
1 MADYNES - Management of dynamic networks and services
INRIA Lorraine, LORIA - Laboratoire Lorrain de Recherche en Informatique et ses Applications
Abstract : This paper proposes a new distributed monitoring approach based on the notion of centrality of a graph and its evolution in time. We consider an activity profiling method for a distributed monitoring platform and illustrate its usage in two different target deployments. The first one concerns the monitoring of a distributed honeynet, whilst the second deployment target is the monitoring of a large network telecope. The central concept underlying our work are the intersection graphs and a centrality based locality statistics. These graphs have not been used widely in the field of network security. The advantage of this method is that analyzing aggregated activity data is possible by considering the curve of the maximum locality statistics and that important change point moments are well identified.
Document type :
Conference papers
Complete list of metadata

Cited literature [10 references]  Display  Hide  Download

https://hal.inria.fr/inria-00172053
Contributor : Radu State <>
Submitted on : Thursday, September 13, 2007 - 11:27:58 PM
Last modification on : Friday, February 26, 2021 - 3:28:04 PM
Long-term archiving on: : Monday, September 24, 2012 - 12:25:23 PM

File

im2007.pdf
Files produced by the author(s)

Identifiers

Collections

Citation

Jerome Francois, Radu State, Olivier Festor. Large Scale Activity Monitoring for distributed honeynets. The Second International Conference on Internet Monitoring and Protection - ICIMP 2007, 2007, San Jose, United States. ⟨10.1109/ICIMP.2007.24⟩. ⟨inria-00172053⟩

Share

Metrics

Record views

223

Files downloads

279