36
be real system but
that
in
fact do
not support real
interactive environment [1]. It
is also
better that it appears to be worthy place for attackers.
Honeypot
Host
Internet
Router
Attacker
assumes that
it contains
valuable
information
Server
Figure 8 – Basic Implementation of Honeypot
2.1.7.4 Intrusion Detection System
Intrusion detection system was invented since 1980, when James Anderson wrote
a
technical report called Computer Security Threat Monitoring and Surveillance for U.S.
Air
Force.
He
said
that
they
could
identify
and
analyze
computer misuse
or
other
malicious activities by
looking up audit records, and he suggested better auditing
systems
for
improved
security
threat
identification. In
1985,
U.S.
Navy
helped
SRI
International
to
develop
a
prototype
of
intrusion
detection
system.
The
prototype
was
designed to
analyze
audit
traces
from
the
network
traffics
that
came
from
government
system. It was named Intrusion Detection
Expert System (IDES) and it is the
foundation
of
IDS.
From
time
to
time,
the
IDS
technology is
greatly
improved
and
there
were
various
companies
these
days
who
were
interested
in
developing
and
advancing
IDS
before the intrusion prevention system (IPS) emerged in late 1990s [1].
 |