A number of network monitoring sensors such as honeypot and web crawler have been launched to observe increasingly-sophisticated cyber attacks. Based on these technologies, there have been several large scale network monitoring projects launched to fight against cyber threats on the Internet. Meanwhile, these projects are facing some problems such as Difficulty of collecting wide range darknet, Burden of honeypot operation and Blacklisting problem of honeypot address. In order to address these problems, this paper proposes a novel proactive cyber attack monitoring platform called GHOST sensor, which enables effective utilization of physical and logical resources such as hardware of sensors and monitoring IP addresses as well as improves the efficiency of attack information collection. The GHOST sensor dynamically allocates targeted IP addresses to appropriate sensors so that the sensors can flexibly monitor attacks according to profiles of each attacker. Through an evaluation in a experiment environment, this paper presents the efficiency of attack observation and resource utilization.
Masashi ETO
National Institute of Information and Communications Technology
Tomohide TANAKA
clwit, Inc.
Koei SUZUKI
National Institute of Information and Communications Technology
Mio SUZUKI
National Institute of Information and Communications Technology
Daisuke INOUE
National Institute of Information and Communications Technology
Koji NAKAO
National Institute of Information and Communications Technology
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Copy
Masashi ETO, Tomohide TANAKA, Koei SUZUKI, Mio SUZUKI, Daisuke INOUE, Koji NAKAO, "GHOST Sensor: A Proactive Cyber Attack Monitoring Platform" in IEICE TRANSACTIONS on Information,
vol. E98-D, no. 4, pp. 788-795, April 2015, doi: 10.1587/transinf.2014ICP0014.
Abstract: A number of network monitoring sensors such as honeypot and web crawler have been launched to observe increasingly-sophisticated cyber attacks. Based on these technologies, there have been several large scale network monitoring projects launched to fight against cyber threats on the Internet. Meanwhile, these projects are facing some problems such as Difficulty of collecting wide range darknet, Burden of honeypot operation and Blacklisting problem of honeypot address. In order to address these problems, this paper proposes a novel proactive cyber attack monitoring platform called GHOST sensor, which enables effective utilization of physical and logical resources such as hardware of sensors and monitoring IP addresses as well as improves the efficiency of attack information collection. The GHOST sensor dynamically allocates targeted IP addresses to appropriate sensors so that the sensors can flexibly monitor attacks according to profiles of each attacker. Through an evaluation in a experiment environment, this paper presents the efficiency of attack observation and resource utilization.
URL: https://global.ieice.org/en_transactions/information/10.1587/transinf.2014ICP0014/_p
Copy
@ARTICLE{e98-d_4_788,
author={Masashi ETO, Tomohide TANAKA, Koei SUZUKI, Mio SUZUKI, Daisuke INOUE, Koji NAKAO, },
journal={IEICE TRANSACTIONS on Information},
title={GHOST Sensor: A Proactive Cyber Attack Monitoring Platform},
year={2015},
volume={E98-D},
number={4},
pages={788-795},
abstract={A number of network monitoring sensors such as honeypot and web crawler have been launched to observe increasingly-sophisticated cyber attacks. Based on these technologies, there have been several large scale network monitoring projects launched to fight against cyber threats on the Internet. Meanwhile, these projects are facing some problems such as Difficulty of collecting wide range darknet, Burden of honeypot operation and Blacklisting problem of honeypot address. In order to address these problems, this paper proposes a novel proactive cyber attack monitoring platform called GHOST sensor, which enables effective utilization of physical and logical resources such as hardware of sensors and monitoring IP addresses as well as improves the efficiency of attack information collection. The GHOST sensor dynamically allocates targeted IP addresses to appropriate sensors so that the sensors can flexibly monitor attacks according to profiles of each attacker. Through an evaluation in a experiment environment, this paper presents the efficiency of attack observation and resource utilization.},
keywords={},
doi={10.1587/transinf.2014ICP0014},
ISSN={1745-1361},
month={April},}
Copy
TY - JOUR
TI - GHOST Sensor: A Proactive Cyber Attack Monitoring Platform
T2 - IEICE TRANSACTIONS on Information
SP - 788
EP - 795
AU - Masashi ETO
AU - Tomohide TANAKA
AU - Koei SUZUKI
AU - Mio SUZUKI
AU - Daisuke INOUE
AU - Koji NAKAO
PY - 2015
DO - 10.1587/transinf.2014ICP0014
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E98-D
IS - 4
JA - IEICE TRANSACTIONS on Information
Y1 - April 2015
AB - A number of network monitoring sensors such as honeypot and web crawler have been launched to observe increasingly-sophisticated cyber attacks. Based on these technologies, there have been several large scale network monitoring projects launched to fight against cyber threats on the Internet. Meanwhile, these projects are facing some problems such as Difficulty of collecting wide range darknet, Burden of honeypot operation and Blacklisting problem of honeypot address. In order to address these problems, this paper proposes a novel proactive cyber attack monitoring platform called GHOST sensor, which enables effective utilization of physical and logical resources such as hardware of sensors and monitoring IP addresses as well as improves the efficiency of attack information collection. The GHOST sensor dynamically allocates targeted IP addresses to appropriate sensors so that the sensors can flexibly monitor attacks according to profiles of each attacker. Through an evaluation in a experiment environment, this paper presents the efficiency of attack observation and resource utilization.
ER -