Aggressive and Intelligent Self-Defensive Network

Towards a New Generation of Semi-autonomous Networks

  • Conference paper
Networked Digital Technologies (NDT 2012)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 293)

Abstract

Aggressive and Intelligent Self-defensive Network (AISEN) is an open-source distributed solution that aims at deploying a semi-autonomous network, which enables internal attack deception through misguidance and illusion. Instead of simply preventing or stopping the attack, as traditional Intrusion Prevention Systems (IPS) do, AISEN drives attackers to attack decoy machines, which clone victim machines by mimicking their personalities (e.g. OS, services running). On top of that, AISEN uses rogue machines that clone idle production machines and are able to detect human-driven zero-day attacks not seen by the IPS. The solution uses real-time dynamic high-interaction honeypot generation and a novel rerouting schema that is independent of both the router and the network architecture, along with a robust troubleshooting algorithm for sophisticated attacks. Information captured and data gathered from these decoy machines give CERTs/CSIRTs and forensic experts critical data on the sophistication of the attack, the vulnerabilities targeted, and some means of preventing it in the future. This project reviewed former designs and similar studies addressing the same issues and emphasizes the added value of this open-source solution in terms of flexibility, ease of use and upgrade, deployment, and customization.

Because AISEN seamlessly integrates with Security Information and Event Management (SIEM) software, it goes far beyond standard IPS/IDS alerts: it listens for suspicious activity and uncommon behavior that a normal user would not exhibit (e.g. port scanning from a communications department network). AISEN is designed to enable potential integration with passive strike-back modules, which may be achieved in later work.
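The abstract describes two steps that a SIEM-fed deception system has to perform: recognise behavior a normal user would not show (its example is port scanning) and then steer that source toward a decoy that clones the targeted host. The following Python is an added example of that decision logic written for this page; it is not code from the AISEN project. The log line format, the 60-second window, the ten-distinct-port threshold, the victim-to-decoy table and the sample log lines are all constructed assumptions. It also covers the edge case a fixed-count rule misses: a slow scan spread over hours has the same port count but should not trip a short window, while a wider window does catch it.

```python
"""Port-scan detection that produces a decoy-redirect decision.

Added example, not code from the AISEN project. Log format, window,
threshold and the victim-to-decoy table are assumptions; the sample log
lines are constructed.
"""
import re
from collections import Counter, defaultdict
from typing import Dict, Iterable, List, Optional, Set, Tuple

# Assumed log format: "<epoch-seconds> <src> -> <dst>:<dport> <action>"
LOG_RE = re.compile(
    r"^(?P<ts>\d+) (?P<src>[\d.]+) -> (?P<dst>[\d.]+):(?P<dport>\d+) (?P<action>\w+)$"
)

# Assumed static table: production host -> decoy that clones its personality.
DECOY_FOR = {"10.0.1.20": "10.0.9.20", "10.0.1.21": "10.0.9.21"}


def parse_line(line: str) -> Optional[Tuple[int, str, str, int]]:
    """Return (ts, src, dst, dport) or None for a line that does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return int(m["ts"]), m["src"], m["dst"], int(m["dport"])


def detect_port_scans(events, window: int = 60, min_ports: int = 10) -> Dict[str, Set[str]]:
    """Sources that touch >= min_ports distinct ports on one host within
    `window` seconds. A sliding window per (src, dst) pair means a slow scan
    spread over hours does not trip a short window, even with the same total
    number of ports."""
    by_pair: Dict[Tuple[str, str], List[Tuple[int, int]]] = defaultdict(list)
    for ts, src, dst, dport in events:
        by_pair[(src, dst)].append((ts, dport))
    hits: Dict[str, Set[str]] = {}
    for (src, dst), seq in by_pair.items():
        seq.sort()
        in_window: Counter = Counter()   # port -> count of hits inside the window
        left = 0
        for ts, port in seq:
            in_window[port] += 1
            # drop events older than the window; left never passes the current event
            while seq[left][0] < ts - window:
                old = seq[left][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                left += 1
            if len(in_window) >= min_ports:
                hits.setdefault(src, set()).add(dst)
                break
    return hits


def plan_redirects(hits: Dict[str, Set[str]], decoy_for=DECOY_FOR) -> List[Tuple[str, str, str]]:
    """(attacker, victim, decoy) triples; victims with no clone are skipped."""
    plan = []
    for src in sorted(hits):
        for dst in sorted(hits[src]):
            if dst in decoy_for:
                plan.append((src, dst, decoy_for[dst]))
    return plan


def analyze(lines: Iterable[str], window: int = 60, min_ports: int = 10) -> Dict[str, Set[str]]:
    events = [e for e in (parse_line(l) for l in lines) if e is not None]
    return detect_port_scans(events, window, min_ports)


# Constructed sample log: a normal user, a fast scanner and a slow scanner.
SAMPLE_LOG = [
    "1000 10.0.0.15 -> 10.0.1.20:443 allow",
    "1005 10.0.0.15 -> 10.0.1.21:80 allow",
    "1030 10.0.0.15 -> 10.0.1.20:443 allow",
    "garbage line that does not parse",
]
# fast scanner: 11 ports on 10.0.1.20 within 20 seconds
SAMPLE_LOG += [f"{1100 + i * 2} 10.0.0.66 -> 10.0.1.20:{p} drop"
               for i, p in enumerate([21, 22, 23, 25, 80, 110, 135, 139, 443, 445, 3389])]
# slow scanner: 12 ports on 10.0.1.21 spaced ten minutes apart
SAMPLE_LOG += [f"{2000 + i * 600} 10.0.0.77 -> 10.0.1.21:{p} drop"
               for i, p in enumerate([21, 22, 23, 25, 80, 110, 135, 139, 443, 445, 3389, 8080])]

if __name__ == "__main__":
    for src, victim, decoy in plan_redirects(analyze(SAMPLE_LOG)):
        print(f"redirect {src} -> {victim} to decoy {decoy}")
```

With the defaults only the fast scanner is flagged and mapped to the decoy of the host it probed; widening the window to two hours with a higher port threshold flags the slow scanner instead, which is the kind of tuning a SIEM correlation rule needs per network segment.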

© 2012 Springer-Verlag Berlin Heidelberg

Cite this paper

Elouafiq, A., Khobalatte, A., Benhallam, W. (2012). Aggressive and Intelligent Self-Defensive Network. In: Benlamri, R. (eds) Networked Digital Technologies. NDT 2012. Communications in Computer and Information Science, vol 293. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-30507-8_30

  • DOI: https://doi.org/10.1007/978-3-642-30507-8_30

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-30506-1

  • Online ISBN: 978-3-642-30507-8