ASTER: Active Smart Targets for Effective Response
Abstract: In this paper, we describe a new approach to intrusion
detection and correlation, in which we actively control or .mark. the
information seen by each adversary that probes the site. When the
adversary attacks, defenders detect the marked information and use
it to correlate the attack and the probe. More complex correlations
can be used to detect larger patterns, such as coordinated attacks.
We have developed ASTER, a system that consists of (1) Active Smart
Targets that disseminate and later recognize the marked information, and
(2) a correlation engine to analyze the information. We describe the
feasibility prototype we have implemented and discuss our future plans.
Return to the Publication list.
Last updated by Frank Adelstein on Dec-11-2002