RECLAMO (Virtual and Collaborative Honeynets based on Autonomous Intrusion Response Systems and Trust Models)
This project will propose and implement a prototype of the architecture for an Automated Intrusion Response System (AIRS). This system will infer the most appropriate response for a given attack, taking into account the attack type, context information, and the trust and reputation of the reporting IDSs. RECLAMO is proposing a novel deception approach for intrusion response: diverting the attack to a specific honeynet that has been dynamically built based on the attack information.
The Automated Intrusion Response System is based on formal inference engines, with will try to trigger the most appropriate response to an incident based on different metrics that can take into account the characteristics of the attacks, the targets, the sources, etc.