One of the problems encountered with network intrusion detection systems is that the logging of failed connection attempts only occurs when services are not listening on a scanned port. When a RST signal terminates a TCP connection attempt, the system never sees or logs the data payload that the remote machine was trying to send into the network. A honeypot can provide a mechanism for capturing that payload by completing the connection attempt and then recording the interactions between the honeypot and the machine making the connection. Being able to capture and analyze the data payload can help determine the intent of the connecting machine. It can also provide information that allows the discovery of new exploits and the construction of custom ID rules.
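A minimal low-interaction listener illustrating the mechanism described above, as an added example that is not part of the original page: it completes the TCP handshake instead of answering with RST, records whatever the peer sends, and never replies. The function names, size cap, timeout and loopback probe are assumptions chosen for the demonstration.

```python
import hashlib
import socket
import threading
import time

MAX_BYTES = 4096     # assumed cap so one sender cannot exhaust memory
READ_TIMEOUT = 3.0   # assumed seconds to wait for a silent client

def open_listener(host="127.0.0.1", port=0):
    """Bind a TCP listener; port 0 lets the OS pick a free port (demo only)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, port))
    srv.listen(5)
    return srv

def capture_one(srv):
    """Complete one handshake, record what the peer sends, never reply."""
    conn, (src_ip, src_port) = srv.accept()  # handshake completed, no RST sent
    data = b""
    with conn:
        conn.settimeout(READ_TIMEOUT)
        try:
            while len(data) < MAX_BYTES:
                chunk = conn.recv(MAX_BYTES - len(data))
                if not chunk:                # peer closed its side
                    break
                data += chunk
        except OSError:
            pass                             # timeout or reset: keep what we have
    return {
        "ts": time.time(),
        "src_ip": src_ip, "src_port": src_port,
        "dst_port": srv.getsockname()[1],
        "length": len(data),
        "sha256": hashlib.sha256(data).hexdigest(),
        "payload_hex": data.hex(),           # hex keeps binary payloads loggable
    }

def demo():
    """Send a constructed probe over loopback and return (record, probe)."""
    srv = open_listener()
    probe = b"GET /constructed-sample HTTP/1.0\r\n\r\n"  # constructed input
    def client():
        with socket.create_connection(srv.getsockname()) as c:
            c.sendall(probe)
    t = threading.Thread(target=client)
    t.start()
    record = capture_one(srv)
    t.join()
    srv.close()
    return record, probe
```

The record's hash and hex payload are the raw material for the analysis the paragraph describes: identical hashes from many sources indicate one tool, and the decoded bytes supply the content strings for a custom detection rule.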