Reduce positive and negative falses from attacks collected from the deployment of distributed honeypot network

Abdeljalil AGNAOU, Anas ABOU EL KALAM, Abdellah AIT OUAHMAN, Mina DE MONTFORT OSCARS Laboratory National School of Applied Sciences Marrakech, Morocco ARTIMIA, Paris FRANCE [email protected], [email protected], [email protected], [email protected] AbstractCurrent tools and systems of detecting vulnerabilities simply alert the administrator of attempted attacks against his network or system. However, generally, the huge number of alerts to analyze and the amount time required to update security rules after analyzing alerts provides time and opportunity for the attacker to inflict damages. Moreover, most of these tools generate positive and negative falses, which may be important to the attacked network. Otherwise, many solutions exist such as IPS, but it shows a great defect due, fundamentally, to false positives. Indeed, attackers often make IPS block a legitimate traffic when they detect its presence in the attacked network.