Observatorio de I+D+i UPM

Research reports
R&D&I project:
Virtual and Collaborative Honeynets based on Trust Management and Autonomous Systems applied to Intrusion Management (RECLAMO)
Year: 2012
Research areas
  • Telematics
Data
Description
The use of automatic prevention, detection and reaction systems for attack and intrusion management has been a key research topic in the last few years. In fact, companies and research groups worldwide are investing a lot of resources to make this concept of automated management of intrusions a reality. However, most of the current proposals and solutions have a narrow scope and have certain difficulties and limitations when dealing with large-scale and distributed attacks such as coordinated spam or phishing attacks, or distributed denial of service (DDoS). In this context, there are several advanced service management and security-related technologies that can be used when providing novel solutions to the proposed problem. Concepts like autonomic systems, ontologies and the semantic web, trust and reputation management, collaborative intrusion detection and prevention systems, self-protection, and virtualised honeynets should be considered as part of novel IDS/IPS (Intrusion Detection Systems/Intrusion Prevention Systems) frameworks and systems. The RECLAMO project is aimed at designing and creating an advanced framework for enhancing current attack and intrusion detection and reaction proposals. To achieve this objective, the current workplan will deal with the different key technologies mentioned before and combine them in a single solution to provide an automated response system to attacks and intrusions. For this, self-protection (which is one of the four key characteristics of any autonomic system) will be the key concept driving the main component of the system, providing the ability to infer the most appropriate response for a given intrusion, taking into account not just the intrusion, but also many other parameters related to the intrusion, like the context, the trust and reputation of the network source, etc.
This autonomic system will use formally defined information models (with ontologies) for combining intrusion information, self-evaluation learnt parameters, trust and reputation of the different involved elements and information coming from collaborative IDS/IPS systems in the same or different administrative domain. This information will be evaluated with a set of security metrics represented in a formally defined behaviour specification language, like SWRL, in order to reason and to infer the most appropriate response, taking into account all the inputs and other criteria specified in the security metrics. One of the most promising approaches to intrusion response will be based on the dynamic generation and deployment of honeynets to which the attacks will be diverted. These honeynets will be created ad hoc for each attack and optimised for it, in order to get as much information as possible from each attack. This dynamic honeynet generation will be done by using advanced virtualization techniques able to generate large-scale heterogeneous honeynets. The RECLAMO project is a coordinated project including two high-level research groups from two different universities (Technical University of Madrid and University of Murcia) with complementary knowledge and expertise in the topics mentioned before that need to be put together to make the design and first deployment of the project objectives a success.
International
No
Project type
Projects and agreements under competitive public calls
Funding entity
Ministerio de Ciencia e Innovación
Entity nationality
SPAIN
Entity size
Large company (>250)
Award date
20/07/2011
This activity belongs to research reports
Participants
  • Director: Victor Abraham Villagra Gonzalez (UPM)
  • Participant: David Fernandez Cambronero (UPM)
  • Participant: Verónica Mateos Lanchas (UPM)
  • Participant: Omar Aurelio Walid Llorente (UPM)
Related research groups, departments, centres and R&D&I institutes
  • Creator: Department: Ingeniería de Sistemas Telemáticos
S2i 2021 Observatorio de investigación @ UPM, with the collaboration of the Consejo Social UPM
Co-financed by MINECO under the INNCIDE 2011 Programme (OTR-2011-0236)
Co-financed by MINECO under the INNPACTO Programme (IPT-020000-2010-22)