Early Warning and Prediction of Internet Attacks and Exploits

Brian P. Zeitz

Abstract

A safe, secure and functional information network is vital in today's Air Force net-centric environment. Information is more critical today than it has ever been. As more operational functions are placed in cyber space and greater computing power becomes available to everyone, keeping these networks safe and secure is an almost unattainable task. Network security entails intrusion detection, but another form of security, or "insecurity", is quickly gaining attention. Honeypots allow the black hat community to attack and penetrate non-production systems. By monitoring and studying these attacks, network defenders can develop better Information Assurance tactics and procedures to defend their networks. The ability to quickly analyze only those data packets predicted to be an exploit, and to disregard the remaining packets, is crucial in today's overworked environment. Using an accredited honeypot, this work develops an Exploit Prediction System (EPS) based on a decision-tree matrix. The EPS provides an excellent tool for choosing only those data packets that need further analysis, and it employs as few criteria as are needed for successful prediction. The log data coming into the honeypot is not filtered: all incoming log data is captured, interpreted and categorized.
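As an added illustration (not code from the paper), the following Python builds a decision tree from a constructed set of honeypot log records and then uses it to select only the records predicted to be exploits. The record fields, their values and the analyst verdicts are assumptions, since the paper's actual criteria are not given here; the point shown is that the tree settles on only the few fields that separate exploits from noise.

```python
from collections import Counter
from math import log2

# Constructed honeypot log records (hypothetical, not data from the paper).
# Each record holds a few categorical fields plus the analyst's verdict "exploit".
RECORDS = [
    {"proto": "tcp", "port": "445", "payload": "binary", "repeat": "high", "exploit": True},
    {"proto": "tcp", "port": "80",  "payload": "text",   "repeat": "low",  "exploit": False},
    {"proto": "tcp", "port": "22",  "payload": "text",   "repeat": "high", "exploit": True},
    {"proto": "udp", "port": "53",  "payload": "text",   "repeat": "low",  "exploit": False},
    {"proto": "tcp", "port": "80",  "payload": "binary", "repeat": "low",  "exploit": True},
    {"proto": "udp", "port": "123", "payload": "text",   "repeat": "low",  "exploit": False},
    {"proto": "tcp", "port": "22",  "payload": "text",   "repeat": "low",  "exploit": False},
    {"proto": "tcp", "port": "22",  "payload": "binary", "repeat": "low",  "exploit": True},
]
FEATURES = ("proto", "port", "payload", "repeat")

def entropy(rows):
    n = len(rows)
    return -sum(c / n * log2(c / n) for c in Counter(r["exploit"] for r in rows).values())

def split(rows, feature):
    groups = {}
    for r in rows:
        groups.setdefault(r[feature], []).append(r)
    return groups

def information_gain(rows, feature):
    groups = split(rows, feature)
    return entropy(rows) - sum(len(g) / len(rows) * entropy(g) for g in groups.values())

def majority(rows):
    return Counter(r["exploit"] for r in rows).most_common(1)[0][0]

def build_tree(rows, features):
    """ID3-style: choose the highest-gain field, recurse; a leaf is a plain bool."""
    if len({r["exploit"] for r in rows}) == 1 or not features:
        return majority(rows)
    best = max(features, key=lambda f: information_gain(rows, f))
    rest = tuple(f for f in features if f != best)
    return {"feature": best, "default": majority(rows),
            "branches": {v: build_tree(g, rest) for v, g in split(rows, best).items()}}

def predict(tree, record):
    # Walk the tree; an unseen field value falls back to the node's majority verdict.
    while isinstance(tree, dict):
        tree = tree["branches"].get(record[tree["feature"]], tree["default"])
    return tree

def criteria_used(tree):
    if not isinstance(tree, dict):
        return set()
    return {tree["feature"]}.union(*(criteria_used(b) for b in tree["branches"].values()))

def triage(tree, records):
    return [r for r in records if predict(tree, r)]
```

On the constructed data the tree uses only the payload and repeat fields, so an analyst would inspect just the records those two criteria flag.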