
Reduce positive and negative falses from attacks collected from the deployment of distributed honeypot network

Published 10 Nov 2016 in cs.CR | (1611.03252v1)

Abstract: Current tools and systems for detecting vulnerabilities simply alert the administrator to attempted attacks against his network or system. However, the huge number of alerts to analyze and the amount of time required to update security rules after analyzing them generally give the attacker time and opportunity to inflict damage. Moreover, most of these tools generate false positives and false negatives, which may be significant for the attacked network. Many other solutions exist, such as IPS, but they show a major defect due, fundamentally, to false positives. Indeed, attackers often make an IPS block legitimate traffic when they detect its presence in the attacked network. In this paper we describe an automated algorithm that makes it possible to detect attacks before they occur, and then to reduce false positive and false negative rates. Moreover, we use a set of data on malicious traffic captured by a network of honeypots to recognize potential threat sources.

Citations (1)
