Honeypots

Author: Hacker Academy

The Active Defense System aims to detect malware and bots. Researchers have suggested different ways to identify malware through machine learning and clustering techniques. However, most of these methods are not suitable for real enterprise networks because their training systems are impractical or they require large amounts of storage. In this paper, we introduce a new automated system called BFH (BotFinder through Honeypots). This system utilises honeypots to recognise infected hosts in a real enterprise network using a machine learning approach. Our solution detects malware-infected bots by analysing NetFlow data together with samples collected from 97 different honeypot systems. The BFH model is trained on these samples and sent to a classification unit for grouping; the system is then trained to detect malware from NetFlow data. Results are verified against a full packet capture spanning one month and against tools that identify malicious domains. BFH effectively detects infected hosts with minimal false positives and handles recent malware families observed by the 97 honeypots. It is scalable and supports large networks, as demonstrated by its deployment in a large-scale enterprise network in Turkey on Hadoop infrastructure.
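As an added illustration of the pipeline the abstract describes (this is not the paper's code): constructed NetFlow-style records, honeypot contact used as the label source, per-host flow features, and a nearest-centroid classifier applied to every host. All addresses, ports and byte counts are assumed.

```python
# Added example, not code from the BFH paper: honeypot contacts as ground truth,
# per-host NetFlow features, and a classifier applied to every host.
# All addresses and flow values are constructed for the illustration.
from collections import defaultdict
import math

HONEYPOTS = {"10.9.9.9"}  # assumed address of a honeypot sensor

def make_flows():
    """Constructed NetFlow-style records: (src, dst, dst_port, bytes, packets)."""
    flows = []
    for host in ("10.0.0.5", "10.0.0.6", "10.0.0.7"):  # spraying small flows
        flows += [(host, f"10.0.1.{i}", 445, 120, 2) for i in range(1, 21)]
    flows.append(("10.0.0.5", "10.9.9.9", 445, 120, 2))  # touched the honeypot
    flows.append(("10.0.0.6", "10.9.9.9", 445, 120, 2))
    for host in ("10.0.0.20", "10.0.0.21"):  # bulk transfers to a few peers
        flows += [(host, f"10.0.2.{i}", 443, 50000, 60) for i in range(1, 4)]
    return flows

def host_features(flows):
    """Per source host: (distinct destinations, log10 mean bytes/flow, distinct ports)."""
    acc = defaultdict(lambda: {"dsts": set(), "ports": set(), "bytes": 0, "n": 0})
    for src, dst, port, nbytes, _pkts in flows:
        a = acc[src]
        a["dsts"].add(dst); a["ports"].add(port); a["bytes"] += nbytes; a["n"] += 1
    return {h: (len(a["dsts"]), math.log10(a["bytes"] / a["n"]), len(a["ports"]))
            for h, a in acc.items()}

def honeypot_labels(flows, honeypots=HONEYPOTS):
    """Ground truth: a production host that talked to a honeypot is treated as infected."""
    return {src for src, dst, *_ in flows if dst in honeypots}

def centroid(vectors):
    return tuple(sum(v[i] for v in vectors) / len(vectors) for i in range(len(vectors[0])))

def train(features, infected):
    """Nearest-centroid model. Hosts without honeypot contact are assumed benign for
    training; this is a noisy label, which is why a packet-capture check matters."""
    pos = [v for h, v in features.items() if h in infected]
    neg = [v for h, v in features.items() if h not in infected]
    return centroid(pos), centroid(neg)

def classify(features, model):
    c_inf, c_ben = model
    return {h: "infected" if math.dist(v, c_inf) < math.dist(v, c_ben) else "benign"
            for h, v in features.items()}

def detect(flows=None):
    flows = make_flows() if flows is None else flows
    feats = host_features(flows)
    return classify(feats, train(feats, honeypot_labels(flows)))

if __name__ == "__main__":
    for host, verdict in sorted(detect().items()):
        print(host, verdict)
```

Host 10.0.0.7 never touched the honeypot, yet it is flagged because its flow profile matches the hosts that did; that generalisation from honeypot-labelled hosts to the rest of the network is the point of the approach.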

  1. A novel honeypot based security approach for real-time intrusion detection and prevention systems
  2. The Use of Honeypot in Machine Learning Based on Malware Detection: A Review
  3. Malware Detection Using Honeypot and Machine Learning
  4. Review of Advanced Monitoring Mechanisms in Peer-to-Peer (P2P) Botnets
  5. A Brief Review of Advanced Monitoring Mechanisms in Peer-to-Peer (P2P) Botnets
  6. Anomaly Detection in Very Large Scale Systems using Big Data
  7. A Comprehensive Survey on Big Data Technology Based Cybersecurity Analytics Systems
  8. Monitoring Peer-to-Peer Botnets: Requirements, Challenges, and Future Works
  9. Honey Pot: A Major Technique for Intrusion Detection
  10. Botnet Monitoring Mechanisms on Peer-to-Peer (P2P) Botnets
  11. Retrieval of Information Through Botnet Attacks: The Importance of Botnet Detection in the Modern Era
  12. Chapter 8: Stochastic Block Models as an Unsupervised Approach to Detect Botnet-Infected Clusters in Networked Data
  13. Unknown Threat Detection With Honeypot Ensemble Analysis Using Big Data Security Architecture
  14. Automation of Network Operations by Cooperation between Anomaly Detections and Operation Logs
  15. Lutte contre les botnets : analyse et stratégie (Fighting botnets: analysis and strategy)
  16. Statistical Analysis in Cyberspace: Data Veracity, Completeness, and Clustering
  17. Recent Trends in Botnet Detection Techniques: A Review
  18. ASERNET: Extracting IDS Rules From Correlated Honeypot And Network Data
