Reduce positive and negative falses from attacks collected from the deployment of distributed honeypot network

TL;DR

This paper presents an automated algorithm that detects attacks proactively and reduces false positives and negatives using data from a distributed honeypot network, improving network security response accuracy.

Contribution

The paper introduces a novel automated detection algorithm that predicts attacks before they happen and minimizes false alarms using honeypot-collected malicious traffic data.

Findings

The algorithm effectively reduces false positive and negative rates.

It enables proactive attack detection before occurrence.

Uses honeypot data to identify threat sources.

Abstract

Current tools and systems of detecting vulnerabilities simply alert the administrator of attempted attacks against his network or system. However, generally, the huge number of alerts to analyze and the amount time required to update security rules after analyzing alerts provides time and opportunity for the attacker to inflict damages. Moreover, most of these tools generate positive and negative falses, which may be important to the attacked network. Otherwise, many solutions exist such as IPS, but it shows a great defect due, fundamentally, to false positives. Indeed, attackers often make IPS block a legitimate traffic when they detect its presence in the attacked network. In this paper we describe an automated algorithm that gives the ability to detect attacks before they occurrence, then reduce positive and negative falses rates. Moreover, we use a set of data related to malicious traffic captured using a network of honeypots to recognize potential threats sources.