To see the other types of publications on this topic, follow the link: Honeypots.
Journal articles on the topic 'Honeypots'
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the top 50 journal articles for your research on the topic 'Honeypots.'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Browse journal articles on a wide variety of disciplines and organise your bibliography correctly.
1
Cheng, Kai, Zhan Wu, Dongkun Li, Xin Li, and Mu Ren. "The TaintDroid Based Honeypot Monitoring System for Embedded Device." Journal of Physics: Conference Series 2203, no. 1 (February 1, 2022): 012077. http://dx.doi.org/10.1088/1742-6596/2203/1/012077.
Full textAbstract:
Abstract Honeypot is a proactive defense technology introduced by defenders. Through the honeypots, defenders can deceive attackers to illegally take advantage of the honeypots and capture and analyze the attack behaviors to understand the attack tools and methods. To build honeypots, defenders first imitate vulnerable systems to entice the attacker to attack, then deploy monitoring systems that is responsible for monitoring and recording the attacker’s behavior. It is of concern that monitoring system is the key to determine the performance of honeypots, because obtaining attackers’ behavior is the main purpose of deploying honeypots, and monitoring system’s performance determines whether attackers’ behavior can be accurately and comprehensively recorded. In this paper, we introduce a novel TaintDroid based honeypot monitoring system for embedded device. This system uses TaintDroid to mark the attackers who hack into the honeypot, monitors the behavior of the marked attackers and then records. Moreover, we tested the feasibility of this system by building a monitoring system based on TaintDroid.
2
Yang, Xingyuan, Jie Yuan, Hao Yang, Ya Kong, Hao Zhang, and Jinyu Zhao. "A Highly Interactive Honeypot-Based Approach to Network Threat Management." Future Internet 15, no. 4 (March 28, 2023): 127. http://dx.doi.org/10.3390/fi15040127.
Full textAbstract:
In this paper, considering the problem that the common defensive means in the current cyber confrontation often fall into disadvantage, honeypot technology is adopted to turn reactive into proactive to deal with the increasingly serious cyberspace security problem. We address the issue of common defensive measures in current cyber confrontations that frequently lead to disadvantages. To tackle the progressively severe cyberspace security problem, we propose the adoption of honeypot technology to shift from a reactive to a proactive approach. This system uses honeypot technology for active defense, tempting attackers into a predetermined sandbox to observe the attacker’s behavior and attack methods to better protect equipment and information security. During the research, it was found that due to the singularity of traditional honeypots and the limitations of low-interactivity honeypots, the application of honeypot technology has difficulty in achieving the desired protective effect. Therefore, the system adopts a highly interactive honeypot and a modular design idea to distinguish the honeypot environment from the central node of data processing, so that the honeypot can obtain more sufficient information and the honeypot technology can be used more easily. By managing honeypots at the central node, i.e., adding, deleting, and modifying honeypots and other operations, it is easy to maintain and upgrade the system, while reducing the difficulty of using honeypots. The high-interactivity honeypot technology not only attracts attackers into pre-set sandboxes to observe their behavior and attack methods, but also performs a variety of advanced functions, such as network threat analysis, virtualization, vulnerability perception, tracing reinforcement, and camouflage detection. We have conducted a large number of experimental comparisons and proven that our method has significant advantages compared to traditional honeypot technology and provides detailed data support. Our research provides new ideas and effective methods for network security protection.
3
Li, Yang, Leyi Shi, and Haijie Feng. "A Game-Theoretic Analysis for Distributed Honeypots." Future Internet 11, no. 3 (March 5, 2019): 65. http://dx.doi.org/10.3390/fi11030065.
Full textAbstract:
A honeypot is a decoy tool for luring an attacker and interacting with it, further consuming its resources. Due to its fake property, a honeypot can be recognized by the adversary and loses its value. Honeypots equipped with dynamic characteristics are capable of deceiving intruders. However, most of their dynamic properties are reflected in the system configuration, rather than the location. Dynamic honeypots are faced with the risk of being identified and avoided. In this paper, we focus on the dynamic locations of honeypots and propose a distributed honeypot scheme. By periodically changing the services, the attacker cannot distinguish the real services from honeypots, and the illegal attack flow can be recognized. We adopt game theory to illustrate the effectiveness of our system. Gambit simulations are conducted to validate our proposed scheme. The game-theoretic reasoning shows that our system comprises an innovative system defense. Further simulation results prove that the proposed scheme improves the server’s payoff and that the attacker tends to abandon launching attacks. Therefore, the proposed distributed honeypot scheme is effective for network security.
4
Katakwar, Harsh, Shashank Uttrani, Palvi Aggarwal, and Varun Dutt. "Influence of different honeypot proportions on adversarial decisions in a deception game." Proceedings of the Human Factors and Ergonomics Society Annual Meeting 66, no. 1 (September 2022): 120–24. http://dx.doi.org/10.1177/1071181322661120.
Full textAbstract:
Cyberattacks are proliferating, and deception via honeypots may provide efficient strategies for combating cyberattacks. Although prior research has examined deception and network factors using deception-based games, it is still unknown how the proportion of honeypots in a network influences the adversarial decision. This study evaluates the influence of different honeypot proportions on the adversary’s decisions using a deception game (DG). DG has two consecutive stages, probe and attack. In the probe stage, participants may probe a few webservers or not probe the network. In the attack stage, participants may attack any of the webservers or decide not to attack the webservers. Participants were randomly assigned to one of three between-subject conditions containing different honeypot proportions: small, medium, and large. With an increase in the proportion of honeypots, the honeypot and no-attack actions increased dramatically. We show how our findings are applicable in deception-based cyber scenarios.
5
Touch, Sereysethy, and Jean-Noël Colin. "A Comparison of an Adaptive Self-Guarded Honeypot with Conventional Honeypots." Applied Sciences 12, no. 10 (May 21, 2022): 5224. http://dx.doi.org/10.3390/app12105224.
Full textAbstract:
To proactively defend computer systems against cyber-attacks, a honeypot system—purposely designed to be prone to attacks—is commonly used to detect attacks, discover new vulnerabilities, exploits or malware before they actually do real damage to real systems. Its usefulness lies in being able to operate without being identified as a trap by adversaries; otherwise, its values are significantly reduced. A honeypot is commonly classified by the degree of interactions that they provide to the attacker: low, medium and high-interaction honeypots. However, these systems have some shortcomings of their own. First, the low and medium-interaction honeypots can be easily detected due to their limited and simulated functions of a system. Second, the usage of real systems in high-interaction honeypots has a high risk of security being compromised due to its unlimited functions. To address these problems, we developed Asgard an adaptive self-guarded honeypot, which leverages reinforcement learning to learn and record attacker’s tools and behaviour while protecting itself from being deeply compromised. In this paper, we compare Asgard and its variant Midgard with two conventional SSH honeypots: Cowrie and a real Linux system. The goal of the paper is (1) to demonstrate the effectiveness of the adaptive honeypot that can learn to compromise between collecting attack data and keeping the honeypot safe, and (2) the benefit of coupling of the environment state and the action in reinforcement learning to define the reward function to effectively learn its objectives. The experimental results show that Asgard could collect higher-quality attacker data compared to Cowrie while evading the detection and could also protect the system for as long as it can through blocking or substituting the malicious programs and some other commands, which is the major problem of the high-interaction honeypot.
6
Chaudhary, Sachin, and Kanchan Chaudhary. "Distributed Honeypots System." International Journal of Advance Research and Innovation 1, no. 2 (2013): 5–11. http://dx.doi.org/10.51976/ijari.121302.
Full textAbstract:
Honeypot is a supplemented active defence system for network security. It traps attacks, records intrusion information about tools and activities of the hacking process, and prevents attacks outbound the compromised system. Integrated with other security solutions, Honeypot can solve many traditional dilemmas. It has emerged as a prominent technology that helps learn new hacking techniques from attackers and intruders. Honeypots can initiatively lure hackers to attack the internet, take the record of the ways and means of their invasion, and then analyze and study them.
7
Panduardi, Farizqi, Herman Yuliandoko, and Agus Priyo Utomo. "Network Security Using Honeypot and Attack Detection with Android Application." Indonesian Journal of Engineering Research 2, no. 2 (November 27, 2021): 53–60. http://dx.doi.org/10.11594/10.11594/ijer.02.02.04.
Full textAbstract:
Network security is now increasingly needed in the era of the industrial revolution 4.0. As technology grows, cybercrimes are becoming more and more common, including attacks on a resource. At this time, honeypots are also widely used by large industries for network security, besides that honeypots are also useful for them in developing intrusion and preventing systems. Honeypots are usually used in a virtual environment, they will stimulate a fake system to capture data packets on the network and be analysed offline later for all threats and attacks.
This propose of this paper is to detect and prevent building attacks from computer network attackers using an android application. This application can monitor an attack on the server by installing a honeypot tool into the server as an attack detector, then the honeypot log is used as a Rest API using Django framework with MongoDB database. this application can find out if there is an attack on the server, and can block the attacker's IP address.
8
Nagy, Naya, Marius Nagy, Ghadeer Alazman, Zahra Hawaidi, Saja Mustafa Alsulaibikh, Layla Alabbad, Sadeem Alfaleh, and Areej Aljuaid. "Quantum Honeypots." Entropy 25, no. 10 (October 18, 2023): 1461. http://dx.doi.org/10.3390/e25101461.
Full textAbstract:
Quantum computation offers unique properties that cannot be paralleled by conventional computers. In particular, reading qubits may change their state and thus signal the presence of an intruder. This paper develops a proof-of-concept for a quantum honeypot that allows the detection of intruders on reading. The idea is to place quantum sentinels within all resources offered within the honeypot. Additional to classical honeypots, honeypots with quantum sentinels can trace the reading activity of the intruder within any resource. Sentinels can be set to be either visible and accessible to the intruder or hidden and unknown to intruders. Catching the intruder using quantum sentinels has a low theoretical probability per sentinel, but the probability can be increased arbitrarily higher by adding more sentinels. The main contributions of this paper are that the monitoring of the intruder can be carried out at the level of the information unit, such as the bit, and quantum monitoring activity is fully hidden from the intruder. Practical experiments, as performed in this research, show that the error rate of quantum computers has to be considerably reduced before implementations of this concept are feasible.
9
Chamotra, Saurabh, Rakesh Kumar Sehgal, and Ram Swaroop Misra. "Honeypot Baselining for Zero Day Attack Detection." International Journal of Information Security and Privacy 11, no. 3 (July 2017): 63–74. http://dx.doi.org/10.4018/ijisp.2017070106.
Full textAbstract:
Honeypots are the network sensors used for capturing the network attacks. As these sensors are solely deployed for the purpose of being attacked and compromised hence they have to be closely monitored and controlled. In the work presented in this paper the authors have addressed the problem of base-lining the high-interaction Honeypots by proposing a structured framework for base-lining any high interaction Honeypot. The Honeypot base-lining process involves identification and white-listing of all the legitimate system activities and the modeling of Honeypot attack surface. The outcome of the Honeypot base-lining process is an XML file which models the Honeypot attack surface. The authors claim that this Honeypot system modeling is useful at the time of attack data analysis, as it enables the mapping of captured attacks to the vulnerabilities exposed by the Honeypot. This attack to vulnerability mapping capability helps defenders to find out what attacks targets what vulnerabilities and could also leads to the detection of the zero day vulnerabilities exploit attempt.
10
Alyas, Tahir, Khalid Alissa, Mohammed Alqahtani, Tauqeer Faiz, Suleiman Ali Alsaif, Nadia Tabassum, and Hafiz Hasan Naqvi. "Multi-Cloud Integration Security Framework Using Honeypots." Mobile Information Systems 2022 (August 17, 2022): 1–13. http://dx.doi.org/10.1155/2022/2600712.
Full textAbstract:
This rapidly changing digital world is always sensitive to improving security and resilience to protect the inhabitants of this ecosystem in terms of data, processes, repositories, communication, and functions. The transformation of this digital ecosystem is heavily dependent on cloud computing, as it is becoming the global platform for individuals, corporates, and even governments. Therefore, the concerns related to security are now linked closely with cloud computing. In this paper, a multi-cloud security framework takes a view on the development of security mechanisms to provide a diversion to the attacker. The purpose is to gain more time to analyze the attack and mitigate the intrusion without compromises. This mechanism is designed using the honeypot technology that has been around for some time but has not been used in cloud computing and other technologies. The proposed framework provides modules related to managing the multi-cloud platform, the intrusion detection and prevention system, and honeypots. The results show significant improvement in the accuracy of detecting attacks. These results are generated in a two-phase scenario, and the first phase has been analyzed without the engagement of the honeypot module presented in the framework. The second phase has been executed with same parameters and conditions by engaging the honeypot module. It includes a comparison taxonomy of both results and an in-depth study of existing honeypots, as well as critical design elements for current honeypot research and outstanding concerns for future honeypots in IoT, multi-cloud contexts.
11
Aranjo, Prof Suvarna, Sachin Maurya, Chandrakant Thakur, and Melvin Raju. "Threat Prediction using Honeypot and Machine Learning." International Journal for Research in Applied Science and Engineering Technology 10, no. 3 (March 31, 2022): 1838–51. http://dx.doi.org/10.22214/ijraset.2022.41016.
Full textAbstract:
Abstract: Honeypot is the ultimate tool in the kit of a security analyst, it helps us figure out what kind of attacks and malicious intent the attackers carry out and different strategies they use to take control of the network. Machine learning on the other hand can be used to make quicker decisions and narrow down different types of attacks faster and therefore predict the same attack that can occur on the actual network. The paper is divided into two sections one where we talk about the setup of the Honeypot on a Cloud service and then analyzing it and the other is where we are using Machine Learning algorithms to predict the type of the threat detected in the honeypots Keywords: Intrusion detection System (IDS), Network Intrusion Detection System(NIDS), High Interaction Honeypots(HIH)
12
Mesbah, Mohamed, Mahmoud Said Elsayed, Anca Delia Jurcut, and Marianne Azer. "Analysis of ICS and SCADA Systems Attacks Using Honeypots." Future Internet 15, no. 7 (July 14, 2023): 241. http://dx.doi.org/10.3390/fi15070241.
Full textAbstract:
Supervisory control and data acquisition (SCADA) attacks have increased due to the digital transformation of many industrial control systems (ICS). Operational technology (OT) operators should use the defense-in-depth concept to secure their operations from cyber attacks and reduce the surface that can be attacked. Layers of security, such as firewalls, endpoint solutions, honeypots, etc., should be used to secure traditional IT systems. The three main goals of IT cybersecurity are confidentiality, integrity, and availability (CIA), but these three goals have different levels of importance in the operational technology (OT) industry. Availability comes before confidentiality and integrity because of the criticality of business in OT. One of the layers of security in both IT and OT is honeypots. SCADA honeypots are used as a layer of security to mitigate attacks, known attackers’ techniques, and network and system weaknesses that attackers may use, and to mitigate these vulnerabilities. In this paper, we use SCADA honeypots for early detection of potential malicious tampering within a SCADA device network, and to determine threats against ICS/SCADA networks. An analysis of SCADA honeypots gives us the ability to know which protocols are most commonly attacked, and attackers’ behaviors, locations, and goals. We use an ICS/SCADA honeypot called Conpot, which simulates real ICS/SCADA systems with some ICS protocols and ICS/SCADA PLCs.
13
Arkhipova, Anastasiya, and Danila Karevskiy. "Honeypot as a tool for creating an effective secure system." Digital Technology Security, no. 2 (June 25, 2021): 122–35. http://dx.doi.org/10.17212/2782-2230-2021-2-122-135.
Full textAbstract:
In the presente work, the theoretical aspects of honeypot systems were considered, and the classification of honeypots on various grounds was presented. The architecture of a honeypot system is presented, designed to investigate the behavior of an attacker after his penetration into the corporate system, as a tool for implementing a complex effective secure system of the organization.
14
Bell Bitjoka, Georges, and Antoine Elang. "Network Malware Laboratory BasedOn Honeypots Technologies." Journal of Cybersecurity Research (JCR) 3, no. 1 (December 5, 2018): 1–12. http://dx.doi.org/10.19030/jcr.v3i1.10226.
Full textAbstract:
According to studies conducted by researchers across the globe, in recent years there has been an increase in organization and company attacks. Some attacks have been detected, but others, however, were able to bypass the security mechanisms, taking advantage of an unknown vulnerability in security systems. In this context, Honeypots systems aim to collect information on the intruder’s activities and learn about threats and attackers’ behavior. Honeypots systems are not designed to remedy failures or security errors on the network, but are responsible for providing adequate information on potential attackers before compromising real systems. In this paper, a honeypot system was designed to study the techniques used by attackers. We designed and implemented a malware analysis laboratory based on honeypots technology in a controlled environment to analyze various security incidents. The use of honeypots is based on the idea of simulating applications with vulnerabilities and recording all events produced by attackers, so the network administrator can learn about the different types of attacks to protect organizational systems that are being produced. The results have been very important in terms of the number and types of security incidents recorded by the honeypots. Also, an administration interface for controlling and analyzing the gathered information was designed. This system was not only implemented but also tested for several weeks and data was collected from the attacks was analyzed. This led to some interesting statistics and characteristics about attackers and their goals.
15
Mühlbach, Sascha, and Andreas Koch. "A Dynamically Reconfigured Multi-FPGA Network Platform for High-Speed Malware Collection." International Journal of Reconfigurable Computing 2012 (2012): 1–14. http://dx.doi.org/10.1155/2012/342625.
Full textAbstract:
Malicious software has become a major threat to computer users on the Internet today. Security researchers need to gather and analyze large sample sets to develop effective countermeasures. The setting of honeypots, which emulate vulnerable applications, is one method to collect attack code. We have proposed a dedicated hardware architecture for honeypots which allows both high-speed operation at 10 Gb/s and beyond and offers a high resilience against attacks on the honeypot infrastructure itself. In this work, we refine the base NetStage architecture for better management and scalability. Using dynamic partial reconfiguration, we can now update the functionality of the honeypot during operation. To allow the operation of a larger number of vulnerability emulation handlers, the initial single-device architecture is extended to scalable multichip systems. We describe the technical aspects of these modifications and show results evaluating an implementation on a current quad-FPGA reconfigurable computing platform.
16
Wang, Le, Jianyu Deng, Haonan Tan, Yinghui Xu, Junyi Zhu, Zhiqiang Zhang, Zhaohua Li, Rufeng Zhan, and Zhaoquan Gu. "AARF: Autonomous Attack Response Framework for Honeypots to Enhance Interaction Based on Multi-Agent Dynamic Game." Mathematics 12, no. 10 (May 11, 2024): 1508. http://dx.doi.org/10.3390/math12101508.
Full textAbstract:
Highly interactive honeypots can form reliable connections by responding to attackers to delay and capture intranet attacks. However, current research focuses on modeling the attacker as part of the environment and defining single-step attack actions by simulation to study the interaction of honeypots. It ignores the iterative nature of the attack and defense game, which is inconsistent with the correlative and sequential nature of actions in real attacks. These limitations lead to insufficient interaction of the honeypot response strategies generated by the study, making it difficult to support effective and continuous games with attack behaviors. In this paper, we propose an autonomous attack response framework (named AARF) to enhance interaction based on multi-agent dynamic games. AARF consists of three parts: a virtual honeynet environment, attack agents, and defense agents. Attack agents are modeled to generate multi-step attack chains based on a Hidden Markov Model (HMM) combined with the generic threat framework ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge). The defense agents iteratively interact with the attack behavior chain based on reinforcement learning (RL) to learn to generate honeypot optimal response strategies. Aiming at the sample utilization inefficiency problem of random uniform sampling widely used in RL, we propose the dynamic value label sampling (DVLS) method in the dynamic environment. DVLS can effectively improve the sample utilization during the experience replay phase and thus improve the learning efficiency of honeypot agents under the RL framework. We further couple it with a classic DQN to replace the traditional random uniform sampling method. Based on AARF, we instantiate different functional honeypot models for deception in intranet scenarios. In the simulation environment, honeypots collaboratively respond to multi-step intranet attack chains to defend against these attacks, which demonstrates the effectiveness of AARF. The average cumulative reward of the DQN with DVLS is beyond eight percent, and the convergence speed is improved by five percent compared to a classic DQN.
17
Korchenko, Anna, Vladyslav Breslavskyi, Serhii Yevseiev, Nazym Zhumangalieva, Anatolii Zvarych, Svitlana Kazmirchuk, Oleg Kurchenko, Oleksandr Laptiev, Оleksand Sievierinov, and Sirhii Tkachuk. "Development of a method for constructing linguistic standards for multi-criteria assessment of honeypot efficiency." Eastern-European Journal of Enterprise Technologies 1, no. 2 (109) (February 26, 2021): 14–23. http://dx.doi.org/10.15587/1729-4061.2021.225346.
Full textAbstract:
One of the pressing areas that is developing in the field of information security is associated with the use of Honeypots (virtual decoys, online traps), and the selection of criteria for determining the most effective Honeypots and their further classification is an urgent task. The main products that implement virtual decoy technologies are presented. They are often used to study the behavior, approaches and methods that an unauthorized party uses to gain unauthorized access to information system resources. Online hooks can simulate any resource, but more often they look like real production servers and workstations. A number of fairly effective developments are known that are used to solve the problems of detecting attacks on information system resources, which are based on the apparatus of fuzzy sets. They showed the effectiveness of the appropriate mathematical apparatus, the use of which, for example, to formalize the approach to the formation of a set of reference values that will improve the process of determining the most effective Honeypots. For this purpose, many characteristics have been formed (installation and configuration process, usage and support process, data collection, logging level, simulation level, interaction level) that determine the properties of online traps. These characteristics became the basis for developing a method for the formation of standards of linguistic variables for further selection of the most effective Honeypots. The method is based on the formation of a Honeypots set, subsets of characteristics and identifier values of linguistic estimates of the Honeypot characteristics, a base and derived frequency matrix, as well as on the construction of fuzzy terms and reference fuzzy numbers with their visualization. This will allow classifying and selecting the most effective virtual baits in the future.
18
M.R., Amal, and Venkadesh P. "Review of Cyber Attack Detection: Honeypot System." Webology 19, no. 1 (January 20, 2022): 5497–514. http://dx.doi.org/10.14704/web/v19i1/web19370.
Full textAbstract:
The number of connected devices in the network is growing day by day, and as the number of linked devices grows, so will the number of cyberattacks. All devices connected to the Internet has become a target of cyberattacks as network attack methods have developed. As a result, the security of network data cannot be neglected. To handle the future threats in this way, we employ honeypots, which are conceptual framework traps designed to block unauthorized access to both PCs and data. Every day, a large number of people access the internet throughout the world. Honeypot, also known as Intrusion Detection Technology, is a type of security technology that screens devices to prevent unwanted activities. This article will provide an overview of cyber security as well as a discussion of machine learning, cyber threats, and honeypot system-based techniques. This review paper was the result of a lot of research, and in assessing honeypots, the researchers found that they are becoming more of a concern for experts as an important security tool that can halt or limit system attacks and provide analysts with insights into the origins and behaviours of such attacks.
19
Surber, James Gregory, and Morgan Zantua. "Intelligent Interaction Honeypots for Threat Hunting within the Internet of Things." Journal of The Colloquium for Information Systems Security Education 9, no. 1 (March 8, 2022): 5. http://dx.doi.org/10.53735/cisse.v9i1.147.
Full textAbstract:
As the Internet of Things (IoT) grows exponentially, security is falling farther and farther behind. Several new initiatives show promise for expanding the privacy and security around these devices in the future. But what about the billions of devices already out there in the wild? Security researchers are responsible for developing the tools and procedures for discovering these devices quickly, understanding the risks they bring with them, and developing tools to mitigate those risks to more manageable levels. Honeypots and honeynets have traditionally supported this work in traditional IT. However, the challenges faced by the highly distributed, incredibly heterogeneous Internet of Things make deploying such tools difficult and costly. Recent research in honeypot architectures explicitly designed for the chaotic nature of the IoT ecosystem brings a new sense of hope that may lead to significant improvements in IoT security. There is still much work to do, but research continues. IoT cybersecurity experts and threat hunters are developing strategies for securing this new frontier of technology. This study will lay the foundations for an intelligent and highly interactive honeypot solution that can scale with the researchers' requirements, providing a much-needed framework for deploying targeted IoT honeypots.
20
Mudgal, Akshay, and Shaveta Bhatia. "Spark-Based Network Security Honeypot System: Detailed Performance Analysis." International Journal of Safety and Security Engineering 12, no. 6 (December 31, 2022): 737–43. http://dx.doi.org/10.18280/ijsse.120610.
Full textAbstract:
In the contemporary world, network security has been of the biggest importance and acute worry in both individual and institutional wisdom, concurrent with the newly emerging technologies. Firewalls, encryption techniques, intrusion detection systems, and honeypots are just a few of the systems and technologies that have been developed to ensure information security. Systems for safeguarding an organizational environment through various defensive strategies are traditionally developed. "The enemy continues on attacking" is a primarily defensive statement. By empowering an organization to take action, Honeypot demonstrates its importance. An institution can discover, gather, address, and absorb new security policy flaws with the aid of honeypots. This methodology allows an organization's security measures to continuously incorporate new threats and penetration methods. This is the main justification of creating, developing, and using a honeypot. It is a resource that is meant to be taken advantage of and compromised. To evaluate the methodology, a spark-based honeypot strategy has been designed, put into practice, and tested in this study. The suggested study strategy has undergone many days of testing on a campus-based network. The designed system's primary function is to behave as a fully resourced computer or vault to draw intruders with the requirement that they not defend against or respond to intrusions. The studies were carried out using a number of parameters that were designed.
21
Macias, Henrry Javier Rentería, Jimmy Fernando Ramírez Márquez, Carlos Simón Plata Cabrera, Jonathan Patricio Cárdenas Ruperti, and Rómulo Sandino Jurado Calero. "Análisis de intrusiones cibernéticas con el uso del Honeypots. Una revisión sistemática / Análise de invasões cibernéticas usando Honeypots. Uma revisão sistemática." Brazilian Applied Science Review 5, no. 6 (December 28, 2021): 2218–48. http://dx.doi.org/10.34115/basrv5n6-012.
Full textAbstract:
Honeypot o sistema señuelo diseñado para ser el objetivo de un atacante en las intrusiones cibernéticas además puede recopilar información sobre técnicas y comportamientos de ataque. Se ha realizado una gran cantidad de trabajo en el campo de la detección de intrusiones en la red durante las últimas tres décadas. Con las redes cada vez más rápidas y con la creciente dependencia de Internet tanto a nivel personal como comercial, la detección de intrusos se convierte en un proceso desafiante. El desafío aquí no es solo poder monitorear activamente un gran número de sistemas, sino también poder reaccionar rápidamente a diferentes eventos. Antes de desplegar un honeypot es recomendable tener una idea clara de lo que debe y no debe hacer el honeypot. Debe haber una comprensión clara de los sistemas operativos que se utilizarán y los servicios (como un servidor web, servidor ftp, etc.) que ejecutará un honeypot. Se deben tener en cuenta los riesgos involucrados y se deben comprender los métodos para abordar o reducir estos riesgos. También es recomendable tener un plan sobre qué hacer en caso de que el honeypot se vea comprometido. La presente revisión sistemática aborda el estado actual de la investigación ligada a la detección de intrusiones usando honeypots. La recopilación de información científica se apoyó en el sistema Mendeley, seleccionándose 32 artículos luego de la evaluación de calidad que tuvo como base criterios de inclusión y exclusión previamente establecidos.
22
Wang, Keyong, Mengyao Tong, Dequan Yang, and Yuhang Liu. "A Web-Based Honeypot in IPv6 to Enhance Security." Information 11, no. 9 (September 12, 2020): 440. http://dx.doi.org/10.3390/info11090440.
Full textAbstract:
IPv6 is a next-generation IP protocol that replaces IPv4. It not only expands the number of network address resources but also solves the problem of multiple access devices connected to the Internet. While IPv6 has brought excellent convenience to the public, related security issues have gradually emerged, and an assessment of the security situation in IPv6 has also become more important. Unlike passive defense, the honeypot is a security device for active defense. The real network application and the fake network application, disguised by the honeypot, are located on a similar subnet, and provide a network application service; but, in both cases, behavior logs from unauthorized users are caught. In this manner, and to protect web-based applications from attacks, this article introduces the design and implementation of a web-based honeypot that includes a weak password module and an SQL inject module, which supports the IPv6 network to capture unauthorized access behavior. We also propose the Security Situation Index (SSI), which can measure the security situation of the network application environment. The value of SSI is established according to the different parameters that are based on honeypots. There is a firewall outside the test system environment, so the obtained data should be used as the real invasion data, and the captured behavior is not a false positive. Threats can be spotted smartly by deploying honeypots; this paper demonstrates that the honeypot is an excellent method of capturing malicious requests and can be measured with the SSI of the whole system. According to the information, the administrator can modify the current security policy, which can improve the security level of a whole IPv6 network system.
23
Seetharam kakaraparthi, Durganjaneyulu immadisetty, and Maranco M. "Enhanced honeypot security for intrusion detection and prevention systems using blockchain." World Journal of Advanced Research and Reviews 22, no. 1 (April 30, 2024): 751–58. http://dx.doi.org/10.30574/wjarr.2024.22.1.1065.
Full textAbstract:
The project aims to enhance honeypot security through the integration of blockchain technology into an intrusion detection and prevention system (IDPS). Honeypots are decoy systems deployed to detect, deflect, or study unauthorized use of information systems. By leveraging blockchain, a decentralized and tamper-proof ledger, the project ensures the integrity and immutability of honeypot data, providing robust security against cyber threats.The system employs a blockchain-based architecture where each honeypot event is recorded as a block in the chain, ensuring the integrity of the data. Additionally, smart contracts are utilized to automatically execute predefined actions based on specific conditions detected by the honeypot system, such as blocking IP addresses upon detecting malicious activities. Furthermore, the system facilitates the sharing of threat intelligence among peers in real-time, enhancing collaborative security efforts. Through the integration of blockchain technology, smart contracts, and threat intelligence sharing, the project offers an innovative approach to honeypot security, providing organizations with a more resilient defense against cyber threats.
24
Ahmed, Dr Hanaa Mohsin, Dr Nidaa Flaih Hassan, and Assmaa A. Fahad. "A Survey on SmartPhone Honeypot." INTERNATIONAL JOURNAL OF COMPUTERS & TECHNOLOGY 11, no. 4 (October 15, 2013): 2476–80. http://dx.doi.org/10.24297/ijct.v11i4.3131.
Full textAbstract:
Smartphones are becoming  a dominant form of mobile computing in the world. The Smartphone, as a platform, blends a traditional general computing platform with a specialized mobile phone platform. The general computing tradition is historically open, allowing its owners to install whatever software they choose and to add or remove hardware as they please. Also they are a vault for large amount of personal information about banking, social network, and inter-personal communication. These capabilities and information value make it an attractive target to internet miscreants.This paper presents a survey on recent researches in Smartphone honeypot. Physical and virtual honeypots have been studied in details; however, there is only little work in the field of mobile related honeypot. The survey presents the challenges while setting up a smartphone honeypot, and summarizes the researches published in this area. We clarify the methods used to build their honeypot, and the results they obtained and their recommendations.
25
Scanlan, Joel, Paul A. Watters, Jeremy Prichard, Charlotte Hunn, Caroline Spiranovic, and Richard Wortley. "Creating Honeypots to Prevent Online Child Exploitation." Future Internet 14, no. 4 (April 14, 2022): 121. http://dx.doi.org/10.3390/fi14040121.
Full textAbstract:
Honeypots have been a key tool in controlling and understanding digital crime for several decades. The tool has traditionally been deployed against actors who are attempting to hack into systems or as a discovery mechanism for new forms of malware. This paper presents a novel approach to using a honeypot architecture in conjunction with social networks to respond to non-technical digital crimes. The tool is presented within the context of Child Exploitation Material (CEM), and to support the goal of taking an educative approach to Internet users who are developing an interest in this material. The architecture that is presented in the paper includes multiple layers, including recruitment, obfuscation, and education. The approach does not aim to collect data to support punitive action, but to educate users, increasing their knowledge and awareness of the negative impacts of such material.
26
Sudha Gadde, Sai, Rama Krishna Srinivas Ganta, ASALG Gopala Gupta, Raghava Rao K, and KRR Mohan Rao. "Securing Internet of Things(IoT) Using HoneyPots." International Journal of Engineering & Technology 7, no. 2.7 (March 18, 2018): 820. http://dx.doi.org/10.14419/ijet.v7i2.7.11075.
Full textAbstract:
In today’s everlasting technological world, information and data communication create more devices stay connected to the internet. This lead to achieving development for building different software and internet connection very inexpensive this affected privacy and security. Security today became of the most important issue because day-by-day new technologies are put forward for different purposes of study while these come with a lot of vulnerabilities which makes the exploitation of the data. IoT is also such kind technology which is available for exploiting. For preserving information from such type of attacks we use honeypot which serves as a decoy based technology in a network and these are cost effective and works as a deception model which entice attackers with low vulnerabilities and security. Here are how honeypots used to defend IoT devices from being attacked and gather information about the attackers’ device.
27
Gao, Yazhuo, Guomin Zhang, and Changyou Xing. "A Multiphase Dynamic Deployment Mechanism of Virtualized Honeypots Based on Intelligent Attack Path Prediction." Security and Communication Networks 2021 (October 21, 2021): 1–15. http://dx.doi.org/10.1155/2021/6378218.
Full textAbstract:
As an important deception defense method, a honeypot can be used to enhance the network’s active defense capability effectively. However, the existing rigid deployment method makes it difficult to deal with the uncertain strategic attack behaviors of the attackers. To solve such a problem, we propose a multiphase dynamic deployment mechanism of virtualized honeypots (MD2VH) based on the intelligent attack path prediction method. MD2VH depicts the attack and defense characteristics of both attackers and defenders through the Bayesian state attack graph, establishes a multiphase dynamic deployment optimization model of the virtualized honeypots based on the extended Markov’s decision-making process, and generates the deployment strategies dynamically by combining the online and offline reinforcement learning methods. Besides, we also implement a prototype system based on software-defined network and virtualization container, so as to evaluate the effectiveness of MD2VH. Experiments results show that the capture rate of MD2VH is maintained at about 90% in the case of both simple topology and complex topology. Compared with the simple intelligent deployment strategy, such a metric is increased by 20% to 60%, and the result is more stable under different types of the attacker’s strategy.
28
Gupta, B. B., and Alisha Gupta. "Assessment of Honeypots." International Journal of Cloud Applications and Computing 8, no. 1 (January 2018): 21–54. http://dx.doi.org/10.4018/ijcac.2018010102.
Full textAbstract:
Honeypots act as an easy target for attackers but it is actually a “decoy” in which attacker is trapped. It is a defensive technique which lures the attacker into performing some illicit operations on it and subsequently using it to trace the activities of attacker, generating signatures and protecting the real system. In this article, a recent survey on Honeypots is presented, its deployment in smartphone scenarios, its usage to curb Distributed Denial of Service attacks in variegated frameworks including Cloud environments, copious datasets and open source. Also described are the types Honeypots available, their various security problems, and existing solutions. Furthermore, there is light shed on disparate issues and the challenges in the existing solutions and scope of further research.
29
K,, Santhosh. "Design and Implementation of a Honeypot-based Intrusion Detection System for Mitigating SQL Injection-based Botnet Attacks in E-commerce Websites." International Scientific Journal of Engineering and Management 03, no. 04 (April 23, 2024): 1–9. http://dx.doi.org/10.55041/isjem01620.
Full textAbstract:
Sensitive data on e-commerce websites has been more vulnerable to cyberattacks in recent years, especially when those assaults take advantage of SQL injection flaws. Botnets are a ubiquitous hazard that increase the risks by automating large-scale attacks. This paper provides a new method for preventing SQL injection-based botnet assaults on e-commerce websites by creating and deploying an intrusion detection system (IDS) based on honeypots. By tricking attackers into interacting with dummy systems and then watching and analyzing their actions, the suggested solution seeks to proactively detect and neutralize such attacks. Our system improves the security posture of e-commerce platforms by using a combination of machine learning algorithms, anomaly detection techniques, and honeypot deployment. This protects sensitive client data and maintains business integrity. Keywords: E-commerce, SQL injection, Botnet, Honeypot, Intrusion Detection System, Machine Learning, Anomaly Detection
30
Purswani, Gaurav, Raunak Parashar, Hemanth N, Raja Kumar Singh, and Divya C D. "Honey Potting using Containerization Technique." Journal of Network Security Computer Networks 8, no. 2 (July 8, 2022): 46–52. http://dx.doi.org/10.46610/jonscn.2022.v08i02.004.
Full textAbstract:
In this paper, we overview the latest benefits of honeypots. Few outstanding plans and their analysis is specified. The facts related to honeypots in schooling and hybrid surroundings with the Intrusion Detection System were specified. In this paper, we specify the use of the signature approach in honeypots for visitor analysis. In this, we summarize all these features. Containerization encourages a few functions to run machine kernel that is Name spaces and control organizations. These are some Linux kernel capabilities that permit separation of process and whilst these kernel functions had been addressed one after the other with the purpose to develop lightweight, OS-level virtualization, Docker changed into evolved.
31
Hermawan, Denni Septian, Syaifuddin Syaifuddin, and Diah Risqiwati. "Analisa Real-Time Data log honeypot menggunakan Algoritma K-Means pada serangan Distributed Denial of Service." Jurnal Repositor 2, no. 5 (March 6, 2020): 541. http://dx.doi.org/10.22219/repositor.v2i5.440.
Full textAbstract:
AbstrakJaringan internet yang saat ini di gunakan untuk penyimpanan data atau halaman informasi pada website menjadi rentan terhadap serangan, untuk meninkatkan keamanan website dan jaringannya, di butuhkan honeypot yang mampu menangkap serangan yang di lakukan pada jaringan lokal dan internet. Untuk memudahkan administrator mengatasi serangan digunakanlah pengelompokan serangan dengan metode K-Means untuk mengambil ip penyerang. Pembagian kelompok pada titik cluster akan menghasilkan output ip penyerang.serangan di ambil sercara realtime dari log yang di miliki honeypot dengan memanfaatkan MHN.Abstract The number of internet networks used for data storage or information pages on the website is vulnerable to attacks, to secure the security of their websites and networks, requiring honeypots that are capable of capturing attacks on local networks and the internet. To make it easier for administrators to tackle attacks in the use of attacking groupings with the K-Means method to retrieve the attacker ip. Group divisions at the cluster point will generate the ip output of the attacker. The strike is taken as realtime from the logs that have honeypot by utilizing the MHN.
32
Arbaaz, Adnaan, Vanam Rajkumar, and M. I. "Honeypots: Screening Cyber Attacks." International Journal of Computer Applications 176, no. 22 (May 15, 2020): 53–58. http://dx.doi.org/10.5120/ijca2020920238.
Full text
33
Dornseif, M., F. C. Gärtner, and T. Holz. "Vulnerability Assessment using Honeypots." PIK - Praxis der Informationsverarbeitung und Kommunikation 27, no. 4 (December 2004): 195–201. http://dx.doi.org/10.1515/piko.2004.195.
Full text
34
Yadav, Aastha, Sarthak Raisurana, and N. Ch Sriman Narayana Iyengar. "Analysis of a Honeypot Intrusion Detection System for Medical and Healthcare Services." Journal of Innovative Technology Convergence 4, no. 1 (June 30, 2022): 49–58. http://dx.doi.org/10.69478/jitc2022v4n1a02.
Full textAbstract:
Cyber-attacks have been increasingly becoming alarming in recent years specifically for medical and healthcare systems. One of the cyber-attackers aims is to break into the medical or healthcare networks and gain access to the patient’s medical records. This paper deals with the honeypot-based intrusion detection system to provide information security for medical and healthcare systems. The proposed system utilizes the Dionaea and Kippo SSH (Kippo Secure Shell) honeypots to secure the medical and healthcare network infrastructure and analyze the activities of cyber-attackers. A possible Metasploit and Brute force attacks logged by the Dionaea and Kippo SSH will be analyzed to prepare the malware analysis report of the suspicious file download.
35
Kirishikesan, Kannan, Gayakantha Jayakody, Ayesh Hallawaarachchi, and Chandana Gamage. "A High-interaction Physics-aware ICS Honeypot for Industrial Environments." International Journal on Advances in ICT for Emerging Regions (ICTer) 16, no. 2 (December 8, 2023): 31–39. http://dx.doi.org/10.4038/icter.v16i2.7265.
Full textAbstract:
Industrial Control Systems (ICSs) are control systems that automate and control industrial processes. ICSs have a high-security risk since most of them are connected to the Internet for remote monitoring and controlling purposes. Compromising ICS can disrupt critical infrastructure supplies, such as water supply, power supply, transportation systems, and manufacturing systems. Programmable Logic Controllers (PLCs) are special computers used in ICSs. Many PLCs do not have built-in security systems. Many ICS application layer protocols are not designed with security in mind. Therefore, external security systems are needed to protect ICSs from cyber-attacks. Identifying the vulnerabilities, malware, and attacking patterns is useful in designing defense-in-depth security systems for ICSs. Honeypots can be used for research purposes as a way of collecting data and can also be used to protect the systems from attackers. In this paper, we present a high-interaction physics-aware ICS research honeypot that has been extended to a production honeypot using Software Defined Networking.
36
Akshay, Akshat Divya, Anchit Bhushan, Nihal Anand, Rishabh Khemka, and Sumithra Devi K.A. "HONEYPOT: Intrusion Detection System." International Journal of Education, Science, Technology, and Engineering 3, no. 1 (April 24, 2020): 13–18. http://dx.doi.org/10.36079/lamintang.ijeste-0301.66.
Full textAbstract:
The number of computers connecting to the internet is getting increased day by day, while the number of computers connected is increasing then it is obvious that the amount of network-based attacks will also increase. In this way, we use a honeypot that is a framework trap that is set to act against unapproved utilization of PCs and data frameworks. Around the globe, a huge number of individuals get to the web each day, honeypot which can likewise be called Intrusion Detection Technology is another time of security innovation that screens device to avoid malicious sports. The whole factor of this research paper is an Intrusion Detection System and Intrusion Prevention System, elements accomplished via honeypot and honeytrap methodologies. A great deal of research went into this review paper and the discoveries propose that the honeypots are drawing in light of a legitimate concern for analysts as a significant security system that can be actualized to stop or occupy the assaults the system assaults and give a chance to find out increasingly more about the source and nature of these assaults. Hence we can say that a honeypot can be utilized as an examination apparatus to accumulate increasingly more data about the expanding number of system assaults that are going on consistently.
37
Jagan, Shanmugam, Ashish Ashish, Miroslav Mahdal, Kenneth Ruth Isabels, Jyoti Dhanke, Parita Jain, and Muniyandy Elangovan. "A Meta-Classification Model for Optimized ZBot Malware Prediction Using Learning Algorithms." Mathematics 11, no. 13 (June 24, 2023): 2840. http://dx.doi.org/10.3390/math11132840.
Full textAbstract:
Botnets pose a real threat to cybersecurity by facilitating criminal activities like malware distribution, attacks involving distributed denial of service, fraud, click fraud, phishing, and theft identification. The methods currently used for botnet detection are only appropriate for specific botnet commands and control protocols; they do not endorse botnet identification in early phases. Security guards have used honeypots successfully in several computer security defence systems. Honeypots are frequently utilised in botnet defence because they can draw botnet compromises, reveal spies in botnet membership, and deter attacker behaviour. Attackers who build and maintain botnets must devise ways to avoid honeypot traps. Machine learning methods support identification and inhibit bot threats to address the problems associated with botnet attacks. To choose the best features to feed as input to the machine learning classifiers to estimate the performance of botnet detection, a Kernel-based Ensemble Meta Classifier (KEMC) Strategy is suggested in this work. And particle swarm optimization (PSO) and genetic algorithm (GA) intelligent optimization algorithms are used to establish the ideal order. The model covered in this paper is employed to forecast Internet cyber security circumstances. The Binary Cross-Entropy (loss), the GA-PSO optimizer, the Softsign activation functions and ensembles were used in the experiment to produce the best results. The model succeeded because Forfileless malware, gathered from well-known datasets, achieved a total accuracy of 93.3% with a True Positive (TP) Range of 87.45% at zero False Positive (FP).
38
Yamamoto, Yudai, and Shingo Yamaguchi. "Defense Mechanism to Generate IPS Rules from Honeypot Logs and Its Application to Log4Shell Attack and Its Variants." Electronics 12, no. 14 (July 21, 2023): 3177. http://dx.doi.org/10.3390/electronics12143177.
Full textAbstract:
The vulnerability of Apache Log4j, Log4Shell, is known for its widespread impact; many attacks that exploit Log4Shell use obfuscated attack patterns, and Log4Shell has revealed the importance of addressing such variants. However, there is no research which focuses on the response to variants. In this paper, we propose a defense system that can protect against variants as well as known attacks. The proposed defense system can be divided into three parts: honeypots, machine learning, and rule generation. Honeypots are used to collect data, which can be used to obtain information about the latest attacks. In machine learning, the data collected by honeypots are used to determine whether it is an attack or not. It generates rules that can be applied to an IPS (Intrusion Prevention System) to block access that is determined to be an attack. To investigate the effectiveness of this system, an experiment was conducted using test data collected by honeypots, with the conventional method using Suricata, an IPS, as a comparison. Experimental results show that the discrimination performance of the proposed method against variant attacks is about 50% higher than that of the conventional method, indicating that the proposed method is an effective method against variant attacks.
39
Gilces Zambrano, Alex Fernando, Viviana Demera Centeno, and Leticia Vaca Cárdenas. "Mecanismos de ciberseguridad basados en honeypots." Informática y Sistemas: Revista de Tecnologías de la Informática y las Comunicaciones 5, no. 2 (December 10, 2021): 1. http://dx.doi.org/10.33936/isrtic.v5i2.3708.
Full textAbstract:
La evolución vertiginosa de las tecnologías de la información y comunicación, ha generado en la sociedad contemporánea una creciente necesidad de interacción entre medios digitales y la mayoría de nuestras actividades productivas; sin embargo, a la par del auge de mayores y mejores oportunidades que nacen de esta sinergia, han ido apareciendo nuevos tipos de riesgos y amenazas computacionales, que han convertido a la seguridad de las redes en un problema de proporciones masivas; bajo este contexto, es necesario prestar mayor atención en el estudio de soluciones que permitan asegurar las disponibilidad de las comunicaciones. El objetivo de la presente investigación se enfocó en aplicar mecanismos de ciberseguridad basados en honeypots para mejorar la disponibilidad de la red en el Cuerpo de Bomberos de Portoviejo (CBP). Con este propósito sé definió un caso de estudio que permitió analizar la disponibilidad de la red de datos y evaluar el uso de mecanismos de ciberseguridad basados en honeypots; para lo cual, se implementó una infraestructura compuesta por un sistema de seguridad perimetral, sistema de detección y prevención de intrusos, honeypots, herramientas de monitoreo de red, herramientas de hacking ético, herramientas de análisis de vulnerabilidades, y servicios de usuario final. Los resultados obtenidos demuestran que la aplicación de mecanismos de ciberseguridad basados en honeypots mejoró la disponibilidad de la red en un 42.86 %.
40
Nikolaidis, J. "Honeypots, tracking hackers [Book Reviews]." IEEE Network 17, no. 4 (July 2003): 5. http://dx.doi.org/10.1109/mnet.2003.1220681.
Full text
41
Dittrich, David. "The ethics of social honeypots." Research Ethics 11, no. 4 (May 22, 2015): 192–210. http://dx.doi.org/10.1177/1747016115583380.
Full text
42
Yu, Tianxiang, Yang Xin, and Chunyong Zhang. "HoneyFactory: Container-Based Comprehensive Cyber Deception Honeynet Architecture." Electronics 13, no. 2 (January 15, 2024): 361. http://dx.doi.org/10.3390/electronics13020361.
Full textAbstract:
Honeynet and honeypot originate as network security tools to collect attack information during the network being compromised. With the development of virtualization and software defined networks, honeynet has recently achieved many breakthroughs. However, existing honeynet architectures treat network attacks as interactions with a single honeypot which is supported by multiple honeypots to make this single one more realistic and efficient. The scale and depth of existing honeynets are limited, making it hard to capture complicated attack information. Existing honeynet frameworks also have low-level simulation of protected network and lacks test metrics. To address these issues, we design and implement a novel container-based comprehensive cyber deception honeynet architecture that consists of five modules, called HoneyFactory. Just like factory producing products according to customer preferences, HoneyFactory generates honeynet using containers based on business networks under protection. In HoneyFactory architecture, we propose a novel honeynet deception model based on hmm model to evaluate deception stage. We also design other modules to make this architecture comprehensive and efficient. Experiments show that HoneyFactory performs better than existing research in communication latency and connections per second. Experiments also show that HoneyFactory can effectively evaluate deception stage and perform deep cyber deception.
43
Manmohan Dagar and Rashmi Popli. "Honeypots: Virtual Network Intrusion Monitoring System." International Journal of Scientific Research in Network Security and Communication 6, no. 2 (April 30, 2018): 45–49. http://dx.doi.org/10.26438/ijsrnsc/v6i2.4549.
Full text
44
M. Sandhya Rani, Guda Ankitha, Polasani Harini, and G Ravi. "Cyber Honeypot." International Journal of Scientific Research in Science and Technology 11, no. 2 (April 2, 2024): 94–98. http://dx.doi.org/10.32628/ijsrst52411168.
Full textAbstract:
In an era of escalating cyber threats, the need for robust defenses against malicious activities is paramount. In this project, we propose a novel approach to leverage honeypots in conju nction with Canary Tokens to accurately pinpoint the geographical locations of attackers. By strategically deploying these decoy resources across diverse network environments, we capture valuable data on unauthorized access attempts and malicious behavior. Through the analysis of Canary Tokens, which act as unique identifiers triggered upon interaction, we can trace the origin of these attacks to specific IP addresses. Utilizing this information, security professionals gain insights into the geographical distribution of attackers, aiding in threat intelligence, incident response, and the implementation of targeted security measures. This integration of project honeypots and Canary Tokens enhances network defense strategies, providing organizations with a proactive stance against cyber threats.
45
Khan, Zeeshan Ali, and Ubaid Abbasi. "Reputation Management Using Honeypots for Intrusion Detection in the Internet of Things." Electronics 9, no. 3 (February 29, 2020): 415. http://dx.doi.org/10.3390/electronics9030415.
Full textAbstract:
Internet of Things (IoT) networks consist of tiny devices with limited processing resources and restricted energy budget. These devices are connected to the world-wide web (www) using networking protocols. Considering their resource limitations, they are vulnerable to security attacks by numerous entities on the Internet. The classical security solutions cannot be directly implemented on top of these devices for this reason. However, an Intrusion Detection System (IDS) is a classical way to protect these devices by using low-cost solutions. IDS monitors the network by introducing various metrics, and potential intruders are identified, which are quarantined by the firewall. One such metric is reputation management, which monitors the behavior of the IoT networks. However, this technique may still result in detection error that can be optimized by combining this solution with honeypots. Therefore, our aim is to add some honeypots in the network by distributing them homogeneously as well as randomly. These honeypots will team up with possible maliciously behaving nodes and will monitor their behavior. As per the simulation results, this technique reduces the error rate within the existing IDS for the IoT; however, it costs some extra energy. This trade-off between energy consumption and detection accuracy is studied by considering standard routing and MAC protocol for the IoT network.
46
Tati Ernawati and Fikri Faiz Fadhlur Rachmat. "Keamanan Jaringan dengan Cowrie Honeypot dan Snort Inline-Mode sebagai Intrusion Prevention System." Jurnal RESTI (Rekayasa Sistem dan Teknologi Informasi) 5, no. 1 (February 28, 2021): 180–86. http://dx.doi.org/10.29207/resti.v5i1.2825.
Full textAbstract:
Computer network systems have been designing to share resources. Sharing resources process, data security, and confidentiality are main issues in anticipating misuse of the access to information by unauthorized parties. The solution to anticipating these problems is the availability of a security system capable of handling various intruders who threaten the system and protect network resources. This study builds and analyzes the performance of computer network security using cowrie honeypot and snort inline-mode as an Intrusion Prevention System (IPS). The development process goes through the stages of analysis, design, implementation, and monitoring. The content analysis method has been using to explore the problems and requirements of the system built. The security system was build by configuring the IP address and network system devices (server, remote admin, client attacker). The test has been carrying out on 3 test parameters (confidentiality, availability, and integrity), comparison testing method has been using to test the integrity parameters. The test results indicate that the system functionality test for user needs have fulfilled, the results of the confidentiality test (83.3%), availability (93.3%), and the integrity of the inline-mode snort show faster response time (0.069 seconds on average) and more CPU resource usage efficient (0.04% average) than the cowrie honeypot. IPS snort inline-mode overall integrity parameter testing is more recommended for used network security systems than cowrie honeypots.
47
Ramakrishnaiah, N. "Analysis of Network Intrusion Attacks using Honeypots." International Journal of Computer Applications 182, no. 32 (December 17, 2018): 33–37. http://dx.doi.org/10.5120/ijca2018918255.
Full text
48
Alqubati, Mansour Ali H., Yousef B. Mahdy, and Hosny M. Ibrahim. "WORM DETECTION USING HONEYPOTS FOR WINDOWS ENVIRONMENT." JES. Journal of Engineering Sciences 38, no. 4 (July 1, 2010): 1013–25. http://dx.doi.org/10.21608/jesaun.2010.125560.
Full text
49
Zanoramy Ansiry Zakaria, Wira, and Miss Laiha Mat Kiah. "A review of dynamic and intelligent honeypots." ScienceAsia 39S, no. 1 (2013): 1. http://dx.doi.org/10.2306/scienceasia1513-1874.2013.39s.001.
Full text
50
Fatima Khan, Nooreen, and M. Mohan. "Cloud security using self-acting spontaneous honeypots." International Journal of Engineering & Technology 7, no. 2.8 (March 19, 2018): 243. http://dx.doi.org/10.14419/ijet.v7i2.8.10418.
Full textAbstract:
Cloud Computing is growing in terms users, infrastructure, services, also security issues like: Cyber attacks are increasing day by day security community need some better mechanism to learn about attacks and which can provide an improved response against these security issues in cloud effectively. Current defences, security solutions, security equipments doesn’t cover two or all three security concepts which are prevention, detection and response. Honeypot security resource can be used to add value to the cloud security community it can cover all three security concepts if implemented intelligently.In this project a high-interaction based self-acting spontaneous honey pot, abbreviated as SAS HP, which can dynamically change its behavior after learning from an attacker, is proposed and its architecture is given which can be deployed in the cloud environment for the analysis of attack patterns and to secure cloud systems. Also, the concept that how the instances of this honey pot can be made available as a service to the customer and how this SAS HP can be deployed with in cloud is given in this report. The aim is to develop the working prototype of the proposed system in cloud environment.