Honeyboost: Boosting honeypot performance with data fusion and anomaly detection

Authors:

Highlights:

• Existing honeypot + network anomaly detection methods produce high false positives and do not focus on insider attacks.

• Honeyboost uses node-level real network data from inside a LAN.

• Honeyboost identifies most anomalous nodes in the LAN before they access the honeypot.

• Honeyboost is an unsupervised network anomaly detection method with low false positive rates.

• Honeyboost gives deeper insights into the behavior of anomalous nodes in the network.


Keywords: Network anomaly detection, Honeypots, Extreme value theory, False positives, Cyber security, Time series

Review history: Received 7 September 2021, Revised 4 March 2022, Accepted 28 March 2022, Available online 11 April 2022, Version of Record 19 April 2022.

Official paper URL: https://doi.org/10.1016/j.eswa.2022.117073