ASTER: Active Smart Targets for Effective Response


Abstract: In this paper, we describe a new approach to intrusion detection and correlation, in which we actively control or "mark" the information seen by each adversary that probes the site. When the adversary attacks, defenders detect the marked information and use it to correlate the attack and the probe. More complex correlations can be used to detect larger patterns, such as coordinated attacks. We have developed ASTER, a system that consists of (1) Active Smart Targets that disseminate and later recognize the marked information, and (2) a correlation engine to analyze the information. We describe the feasibility prototype we have implemented and discuss our future plans.
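
The mark-and-correlate idea from the abstract, as an added sketch that is not code from the ASTER prototype. The HMAC-derived mark, the decoy hostname format, the class and function names, and the sample events are all assumptions made for illustration.

```python
import hashlib
import hmac
import re
from collections import defaultdict

SECRET = b"constructed-demo-key"  # assumption: a per-site secret held by the defenders
MARK_RE = re.compile(r"srv-([0-9a-f]{12})\.decoy\.example")  # hypothetical mark format

class SmartTarget:
    """Hands each prober a uniquely marked decoy value and records who received it."""
    def __init__(self, secret=SECRET):
        self.secret = secret
        self.issued = {}  # mark -> (prober source, probe time)

    def answer_probe(self, src, ts):
        msg = f"{src}|{ts}".encode()
        mark = hmac.new(self.secret, msg, hashlib.sha256).hexdigest()[:12]
        self.issued[mark] = (src, ts)
        return f"srv-{mark}.decoy.example"

class Correlator:
    """Recognizes issued marks in later traffic and links the attack to its probe."""
    def __init__(self, target):
        self.target = target
        self.links = defaultdict(set)  # prober -> sources later seen using its mark

    def observe(self, src, ts, payload):
        hits = []
        for mark in MARK_RE.findall(payload):
            record = self.target.issued.get(mark)
            if record is None:
                continue  # mark-shaped string that was never issued: not evidence
            prober, probe_ts = record
            self.links[prober].add(src)
            # A mark used from a different source than the one it was given to
            # suggests shared reconnaissance, i.e. a possibly coordinated attack.
            hits.append((prober, probe_ts, src, prober != src))
        return hits

def demo():
    target = SmartTarget()
    engine = Correlator(target)
    decoy_a = target.answer_probe("198.51.100.7", 1000)
    decoy_b = target.answer_probe("203.0.113.9", 1005)
    events = [  # constructed sample events: (source, time, observed payload)
        ("198.51.100.7", 2000, f"GET http://{decoy_a}/admin"),
        ("192.0.2.44", 2100, f"CONNECT {decoy_b}:22"),
        ("192.0.2.50", 2200, "GET http://srv-000000000000.decoy.example/"),
    ]
    return [hit for event in events for hit in engine.observe(*event)]
```
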

