"honeypot; monitoring; NetFlow; NfSen; dictionary attack"@en . . "Flow-based Monitoring of Honeypots"@en . . "75328" . . . "Dra\u0161ar, Martin" . "RIV/00216224:14610/13:00065721" . "Flow-based Monitoring of Honeypots" . . . . . "Security and Protection of Information 2013" . "2013-05-22+02:00"^^ . "Honeypots are known as an effective tools for discovering new attacks and for observing activity of the attackers. However, they are often seen as a research-oriented tools for security professionals that require constant supervision. We have created an incident detection system based on a combination of honeypots and flow-based monitoring that takes the best of both without additional complexity. In this paper we present deployment of both low-interaction and high-interaction honeypots and their monitoring based on network flows. We show how honeypots can be used as an automatic detection tool in the production network. We present a plug-in called honeyscan for widely-used NetFlow collector NfSen that was developed to monitor and evaluate network activity of the honeypot and to report security incidents. This plug-in processes traffic destined to honeypots, stores credentials from authentication attempts, and observes attacker's activity in the protected network." . "Flow-based Monitoring of Honeypots"@en . "9788072319220" . . . . "14610" . . . "Hus\u00E1k, Martin" . "2"^^ . "Flow-based Monitoring of Honeypots" . "2"^^ . . . . . "P(VG20132015103)" . "Brno" . . "Brno" . . . "[0BCD62F38638]" . "Honeypots are known as an effective tools for discovering new attacks and for observing activity of the attackers. However, they are often seen as a research-oriented tools for security professionals that require constant supervision. We have created an incident detection system based on a combination of honeypots and flow-based monitoring that takes the best of both without additional complexity. In this paper we present deployment of both low-interaction and high-interaction honeypots and their monitoring based on network flows. We show how honeypots can be used as an automatic detection tool in the production network. We present a plug-in called honeyscan for widely-used NetFlow collector NfSen that was developed to monitor and evaluate network activity of the honeypot and to report security incidents. This plug-in processes traffic destined to honeypots, stores credentials from authentication attempts, and observes attacker's activity in the protected network."@en . "RIV/00216224:14610/13:00065721!RIV14-MV0-14610___" . "8"^^ . "Univerzita obrany" .