Abstract
Aggressive and Intelligent Self-defensive Network (AISEN) is an open-source distributed solution that aims at deploying a semi-autonomous network which counters internal attacks through deception, misguidance and illusion. Instead of simply preventing or stopping an attack, as traditional Intrusion Prevention Systems (IPS) do, AISEN drives attackers towards decoy machines that clone the victim machines by mimicking their personalities (e.g. OS, running services). On top of that, AISEN uses rogue machines that clone idle production machines and are thereby able to detect human-aware zero-day attacks not seen by an IPS. The solution uses real-time dynamic high-interaction honeypot generation and a novel rerouting scheme that is independent of both the router and the network architecture, along with a robust troubleshooting algorithm for sophisticated attacks. The information and data captured on these decoy machines give CERTs/CSIRTs and forensic experts critical data on the sophistication of the attack, the vulnerabilities targeted, and means of preventing it in the future. This paper reviews former designs and similar studies addressing the same issues and emphasizes the added value of this open-source solution in terms of flexibility, ease of use and upgrade, deployment, and customization.
Because AISEN seamlessly integrates with Security Information and Event Management (SIEM) software, it goes far beyond standard IPS/IDS alerts: it listens for suspicious activities and uncommon behaviour (e.g. port scanning in a communication department network) that a normal user would not perform. AISEN is designed to allow integration with passive strike-back modules, which may be added in later work.
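The abstract describes a detect-then-divert loop: a SIEM-style rule flags behaviour a normal user would not show (port scanning is the example given), and the flagged source is then steered towards a decoy that clones the personality of the host it was probing. The following Python sketch is an added example of that decision logic and is not code from the paper or the AISEN project. The log format, the host inventory (`PERSONALITIES`), the decoy address pool, the five-port threshold and the 60-second window are all constructed assumptions; a real deployment would feed connection records from the SIEM and turn each resulting rule into a router or virtual-switch rewrite, which is outside this sketch.

```python
"""Detect-then-divert decision logic in the spirit of AISEN (added example, not project code).
Flag a source that probes many distinct ports on one host within a short window, then
divert that source's traffic for the probed host to a decoy cloning the host's personality.
All log lines, addresses, thresholds and inventory below are constructed for the example."""
from __future__ import annotations
from collections import defaultdict
from dataclasses import dataclass

# Constructed connection records: "<epoch> <src_ip> <dst_ip> <dst_port>" (not real traffic)
SAMPLE_LOG = """\
1700000000 10.0.5.23 10.0.1.10 21
1700000001 10.0.5.23 10.0.1.10 22
1700000002 10.0.5.23 10.0.1.10 23
1700000003 10.0.5.23 10.0.1.10 25
1700000004 10.0.5.23 10.0.1.10 80
1700000005 10.0.5.23 10.0.1.10 443
1700000010 10.0.5.40 10.0.1.10 443
1700000011 10.0.5.40 10.0.1.10 443
1700000012 10.0.5.40 10.0.1.20 22
1700000100 10.0.5.23 10.0.1.20 22
"""

# Assumed production inventory: the "personality" a decoy has to clone for each host.
PERSONALITIES = {
    "10.0.1.10": {"os": "Linux 3.2", "services": [22, 80, 443]},
    "10.0.1.20": {"os": "Windows Server 2008", "services": [135, 445, 3389]},
}

SCAN_PORT_THRESHOLD = 5   # distinct ports on one host inside the window (assumed value)
WINDOW_SECONDS = 60       # sliding window length (assumed value)


@dataclass(frozen=True)
class Event:
    ts: int
    src: str
    dst: str
    port: int


def parse_log(text: str) -> list[Event]:
    """Parse the constructed log format; malformed lines are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, src, dst, port = parts
        events.append(Event(int(ts), src, dst, int(port)))
    return sorted(events, key=lambda e: e.ts)


def detect_port_scans(events: list[Event], threshold: int = SCAN_PORT_THRESHOLD,
                      window: int = WINDOW_SECONDS) -> dict[tuple[str, str], int]:
    """Return {(src, dst): window_start_ts} for every pair where src touched at least
    `threshold` distinct ports on dst inside some sliding window of `window` seconds."""
    by_pair: dict[tuple[str, str], list[Event]] = defaultdict(list)
    for e in events:                      # events are already time-sorted
        by_pair[(e.src, e.dst)].append(e)
    flagged = {}
    for pair, evs in by_pair.items():
        start = 0
        for end in range(len(evs)):
            while evs[end].ts - evs[start].ts > window:   # slide the window forward
                start += 1
            if len({e.port for e in evs[start:end + 1]}) >= threshold:
                flagged[pair] = evs[start].ts
                break
    return flagged


@dataclass
class Decoy:
    ip: str
    clones: str          # production host whose personality this decoy mimics
    os: str
    services: list[int]


class DecoyPool:
    """Hands out decoy addresses and remembers which victim each live decoy clones."""
    def __init__(self, addresses):
        self._free = list(addresses)
        self.live: dict[str, Decoy] = {}

    def clone(self, victim: str) -> Decoy:
        if victim in self.live:            # one decoy per victim is enough
            return self.live[victim]
        if not self._free:
            raise RuntimeError("decoy pool exhausted")
        p = PERSONALITIES[victim]
        decoy = Decoy(self._free.pop(0), victim, p["os"], list(p["services"]))
        self.live[victim] = decoy
        return decoy


def plan_diversions(flagged, pool: DecoyPool) -> dict[tuple[str, str], str]:
    """Map each flagged (attacker, victim) pair to the decoy address its traffic should reach."""
    rules = {}
    for (src, victim) in flagged:
        if victim not in PERSONALITIES:   # nothing known to clone: leave it to the IPS
            continue
        rules[(src, victim)] = pool.clone(victim).ip
    return rules


def run(log_text: str = SAMPLE_LOG, decoys=("10.0.9.1", "10.0.9.2")):
    events = parse_log(log_text)
    flagged = detect_port_scans(events)
    pool = DecoyPool(decoys)
    return flagged, plan_diversions(flagged, pool), pool


if __name__ == "__main__":
    flagged, rules, pool = run()
    for (src, victim), decoy_ip in rules.items():
        print(f"divert {src} -> {victim} to decoy {decoy_ip} ({pool.live[victim].os})")
```

Only the source that walked six ports on one host inside the window is flagged; the host that repeatedly hits a single service, and the one-off connection to a second host, are left alone, which is the point of keying on distinct ports rather than on connection count. Diversion is keyed per (attacker, victim) pair so that legitimate users of the same production host are unaffected, and a decoy is spawned lazily and reused, mirroring the dynamic, on-demand honeypot generation the abstract describes.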
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Elouafiq, A., Khobalatte, A., Benhallam, W. (2012). Aggressive and Intelligent Self-Defensive Network. In: Benlamri, R. (eds) Networked Digital Technologies. NDT 2012. Communications in Computer and Information Science, vol 293. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-30507-8_30
DOI: https://doi.org/10.1007/978-3-642-30507-8_30
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-30506-1
Online ISBN: 978-3-642-30507-8
eBook Packages: Computer Science, Computer Science (R0)