GHOST Sensor: A Proactive Cyber Attack Monitoring Platform

Masashi ETO  Tomohide TANAKA  Koei SUZUKI  Mio SUZUKI  Daisuke INOUE  Koji NAKAO  

Publication
IEICE TRANSACTIONS on Information and Systems   Vol.E98-D   No.4   pp.788-795
Publication Date: 2015/04/01
Publicized: 2014/12/04
Online ISSN: 1745-1361
DOI: 10.1587/transinf.2014ICP0014
Type of Manuscript: Special Section PAPER (Special Section on Information and Communication System Security―Against Cyberattacks―)
Category: Attack Monitoring & Detection
Keyword: 
network monitoring,  cyber attack,  darknet,  honeypot,  attack detection,  

Full Text: PDF(889.4KB)>>
Buy this Article




Summary: 
A number of network monitoring sensors such as honeypot and web crawler have been launched to observe increasingly-sophisticated cyber attacks. Based on these technologies, there have been several large scale network monitoring projects launched to fight against cyber threats on the Internet. Meanwhile, these projects are facing some problems such as Difficulty of collecting wide range darknet, Burden of honeypot operation and Blacklisting problem of honeypot address. In order to address these problems, this paper proposes a novel proactive cyber attack monitoring platform called GHOST sensor, which enables effective utilization of physical and logical resources such as hardware of sensors and monitoring IP addresses as well as improves the efficiency of attack information collection. The GHOST sensor dynamically allocates targeted IP addresses to appropriate sensors so that the sensors can flexibly monitor attacks according to profiles of each attacker. Through an evaluation in a experiment environment, this paper presents the efficiency of attack observation and resource utilization.