Peng Jiang,Hongyi Wu,Cong Wang,Chunsheng Xin

DOI: https://doi.org/10.1109/ICC.2018.8422830

2018-01-01

Abstract:Identity-based attacks such as MAC spoofing are common in wireless networks. The recently developed virtualization technologies bring a new type of MAC spoofing attack, virtual MAC spoofing. This makes it even more challenging to detect such attacks, especially in a tight environment with spatial similarities. In this paper, we design, implement and evaluate a system to effectively detect virtual MAC spoofing attacks via deep learning. A deep convolutional neural network is constructed to extract physical features from CSI obtained from packet transmissions, to detect virtual MAC spoofing attacks. An important merit of the proposed detection system is that this system can distinguish two devices even at the same location, which was not well addressed by previous approaches. Our extensive experimental results demonstrate the effectiveness of the system with an average detection accuracy of 95%, even when devices are co-located.

Ji-Ming Chen,Shi Chen,Xiang Wang,Lin,Li Wang

DOI: https://doi.org/10.1155/2021/2729949

IF: 1.968

2021-01-01

Security and Communication Networks

Abstract:With the rapid development of Internet of Things technology, a large amount of user information needs to be uploaded to the cloud server for computing and storage. Side-channel attacks steal the private information of other virtual machines by coresident virtual machines to bring huge security threats to edge computing. Virtual machine migration technology is currently the main way to defend against side-channel attacks. VM migration can effectively prevent attackers from realizing coresident virtual machines, thereby ensuring data security and privacy protection of edge computing based on the Internet of Things. This paper considers the relevance between application services and proposes a VM migration strategy based on service correlation. This strategy defines service relevance factors to quantify the degree of service relevance, build VM migration groups through service relevance factors, and effectively reduce communication overhead between servers during migration, design and implement the VM memory migration based on the post-copy method, effectively reduce the occurrence of page fault interruption, and improve the efficiency of VM migration.

Xingyuan Yang,Jie Yuan,Hao Yang,Ya Kong,Hao Zhang,Jinyu Zhao

DOI: https://doi.org/10.3390/fi15040127

2023-03-29

Future Internet

Abstract:In this paper, considering the problem that the common defensive means in the current cyber confrontation often fall into disadvantage, honeypot technology is adopted to turn reactive into proactive to deal with the increasingly serious cyberspace security problem. We address the issue of common defensive measures in current cyber confrontations that frequently lead to disadvantages. To tackle the progressively severe cyberspace security problem, we propose the adoption of honeypot technology to shift from a reactive to a proactive approach. This system uses honeypot technology for active defense, tempting attackers into a predetermined sandbox to observe the attacker's behavior and attack methods to better protect equipment and information security. During the research, it was found that due to the singularity of traditional honeypots and the limitations of low-interactivity honeypots, the application of honeypot technology has difficulty in achieving the desired protective effect. Therefore, the system adopts a highly interactive honeypot and a modular design idea to distinguish the honeypot environment from the central node of data processing, so that the honeypot can obtain more sufficient information and the honeypot technology can be used more easily. By managing honeypots at the central node, i.e., adding, deleting, and modifying honeypots and other operations, it is easy to maintain and upgrade the system, while reducing the difficulty of using honeypots. The high-interactivity honeypot technology not only attracts attackers into pre-set sandboxes to observe their behavior and attack methods, but also performs a variety of advanced functions, such as network threat analysis, virtualization, vulnerability perception, tracing reinforcement, and camouflage detection. We have conducted a large number of experimental comparisons and proven that our method has significant advantages compared to traditional honeypot technology and provides detailed data support. Our research provides new ideas and effective methods for network security protection.

Xy He,Ky Lam,Sl Chung,Ch Chi,Jg Sun

DOI: https://doi.org/10.1007/978-3-540-30483-8_18

2004-01-01

Abstract:Security becomes increasingly important. However, existing security tools, almost all defensive, have many vulnerabilities which are hard to overcome because of the lack of information about hackers techniques or powerful tools to distinguish malicious traffic from the huge volume of production traffic. Although honeypots mainly aim at collecting information about hackers' behaviors, they axe not very effective in that honeypot implementers tend to block or limit hackers' outbound connections to avoid harming non-honeypot systems, thus making honeypots easy to be fingerprinted. Additionally, the main concern is that if hackers were allowed outbound connections, they may attack the actual servers thus the honeypot could become a facilitator of the hacking crime. In this paper we present a new method to real-time emulate intrusion victims in a honeyfarm. When hackers request outbound connections, they are redirected to the intrusion victims which emulate the real targets. This method provides hackers with a less suspicious environment and reduces the risk of harming; other systems.

Amal M.R.,Venkadesh P.

DOI: https://doi.org/10.14704/web/v19i1/web19370

2022-01-20

Webology

Abstract:The number of connected devices in the network is growing day by day, and as the number of linked devices grows, so will the number of cyberattacks. All devices connected to the Internet has become a target of cyberattacks as network attack methods have developed. As a result, the security of network data cannot be neglected. To handle the future threats in this way, we employ honeypots, which are conceptual framework traps designed to block unauthorized access to both PCs and data. Every day, a large number of people access the internet throughout the world. Honeypot, also known as Intrusion Detection Technology, is a type of security technology that screens devices to prevent unwanted activities. This article will provide an overview of cyber security as well as a discussion of machine learning, cyber threats, and honeypot system-based techniques. This review paper was the result of a lot of research, and in assessing honeypots, the researchers found that they are becoming more of a concern for experts as an important security tool that can halt or limit system attacks and provide analysts with insights into the origins and behaviours of such attacks.

Yue Shi,Yingying Zhang

DOI: https://doi.org/10.1145/3617184.3618056

2023-09-22

Abstract:Honeypot is an active security defense technology that uses false information to lure attackers into attacking and record their behavior. Traditional honeypots are usually static, and inherent features and services can accelerate attackers' recognition of honeypots, causing them to lose value. We designs a dynamic honeypot based on machine learning, which can adapt to dynamic and constantly changing network environments while improving the authenticity of the honeypot. It automatically generates configuration files, simulates the characteristics and behavior of devices in the network. The method proposed is to achieve active monitoring and defense of network attacks by actively scanning Nmap and obtaining network device information through P0f, and combining feature clustering methods to classify devices and generate honeypot configuration files, active monitoring and defense of network attacks can be achieved. The results shows that this methods can effectively enhance the attack capture ability and camouflage ability of honeypots.

Computer Science

CHEN Ji-jun,ZHANG Xin-xin,HUANG Hao

DOI: https://doi.org/10.3969/j.issn.1009-8054.2007.07.042

2007-01-01

Abstract:The methods and techniques to detect and compromise Honeypot are deployed more and more widely. To improve Honeypot system,this paper proposes build the Honeypot based on Xen virtual machine technology to make Honeypot more effective in performance,more difficult to detect and easier to manage and use.

Sebastian Biedermann,Martin Mink,Stefan Katzenbeisser

DOI: https://doi.org/10.1145/2381913.2381916

2012-01-01

Abstract:In this paper, we describe the design, the implementation and the evaluation of a dynamic honeypot architecture which can be offered as an additional security service for cloud users in a cloud that offers Infrastructure-as-a-Service (IaaS). Honeypots can protect original systems while revealing new and unknown attacks at the same time. The proposed dynamic honeypot architecture detects potential attacks in the initial phases and delays these attacks until a new honeypot virtual machine (VM) is extracted from the original VM which is under attack. The extraction process is a modifying VM live cloning process which leaves sensible data behind and prevents internal data loss. This way, the newly created honeypot VM runs the same software in exactly the same up-to-date configuration. The honeypot controller redirects the delayed attack to the extracted honeypot VM and analyses its impact without risking the integrity of the original target VM. The proposed architecture benefits from the flexibility and adaptability of the cloud. It efficiently protects VMs of cloud users from contemporary network attacks while only few additional cloud resources are temporarily needed. The architecture deceives and misleads an attacker or an attacking source but does not influence the normal work-flow of the original VMs in the cloud. Based on a defined reporting format, cloud users can learn from attacks which have targeted their VMs and discover current misconfigurations and unknown vulnerabilities.

Stefan Machmeier

2024-07-17

Abstract:In this age of digitalization, Internet services face more attacks than ever. An attacker's objective is to exploit systems and use them for malicious purposes. Such efforts are rising as vulnerable systems can be discovered and compromised through Internet-wide scanning. One known methodology besides traditional security leverages is to learn from those who attack it. A honeypot helps to collect information about an attacker by pretending to be a vulnerable target. Thus, how honeypots can contribute to a more secure infrastructure makes an interesting topic of research. This thesis will present a honeypot solution to investigate malicious activities in heiCLOUD and show that attacks have increased significantly. To detect attackers in restricted network zones at Heidelberg University, a new concept to discover leaks in the firewall will be created. Furthermore, to consider an attacker's point of view, a method for detecting honeypots at the transport level will be introduced. Lastly, a customized OpenSSH server that works as an intermediary instance will be presented to mitigate these efforts.

Cryptography and Security

Yuwei Yao

DOI: https://doi.org/10.1109/iciscae52414.2021.9590714

2021-09-24

Abstract:The computer database that handles big data efficiently has created convenience for modern society, but it has gradually exposed more potential safety hazards in the application process. Computer databases storing massive data are prone to information loss, content tampering and other problems in the face of various attacks. With the development of the Internet and the continuous breakthrough of network technology, there are more and more hidden dangers that undermine network security, and the level and scope of damage are also increasing. This paper mainly describes the related concepts of intrusion detection technology, and puts forward the effective implementation of computer database intrusion detection technology based on virtualization technology, as well as the related strategies of fully optimizing computer database intrusion detection technology, so that the computer database can be effectively protected. Diversified intrusion detection system technology is widely used, which can not only ensure the safe and normal operation of database system, but also prevent the loss of important information and the destruction of structural integrity.

Vinay Kumar Singh

DOI: https://doi.org/10.52783/cana.v31.617

2024-05-30

Abstract:The latest wireless technology is developing smart phone technology and growing mobile cloud technology. Mobile cloud computing has a lot of potential benefits in the future, but it is also easy for hackers to gain complete control of many other users. Data privacy is crucial. While data security is designed to be secure, the most significant disadvantage for consumers is that once the computer is connected to the internet, an intruder can quickly steal data from the targeted target. To improve security, a hybrid intrusion detection system (HyInt) and honeypot networks have been added into the Mobile Cloud Environment, with the primary purpose of mitigating both unknown and known attacks.The study's execution offers a unique perspective on the algorithm's security and quality products that was not covered in previous studies. The research included extensive statistical analysis to demonstrate the consistency of the proposed algorithm. The implementation and evaluation findings demonstrate that there is lots of potential for further research in the cloud-based Intrusion Detection System. The developed technique can be used to effectively monitor network traffic in a high-security cloud environment designed for military and banking reasons.

LIU Yang

DOI: https://doi.org/10.3969/j.issn.1008-5327.2013.01.023

2013-01-01

Abstract:To enable students to better conduct network security attack and defense experiments,this paper builds a network attack and defense experimental platform based on the virtual honeynet technology,and illustrates implementation process of the key technology and the core functionality of the network attack and defense experimental platform based on the virtual machine and the Honeynet.Teaching practice test shows that the platform can be fully used as students’offense and defense experimental platform for network security,meeting the teaching requirements.

V. S. Devi Priya,S. Sibi Chakkaravarthy

DOI: https://doi.org/10.1038/s41598-023-28613-0

IF: 4.6

2023-01-26

Scientific Reports

Abstract:Discovering malicious packets amid a cloud of normal activity, whether you use an IDS or gather and analyze machine and device log files on company infrastructure, may be challenging and time consuming. The vulnerability landscape is rapidly evolving, and it will only become worse as more and more developing technologies, such as IoT, Industrial Automation, CPS, Digital Twins, etc are digitally connected. A honey trap aids in identifying malicious packets easily as, after a few rapid calibrations to eliminate false positives. Besides analyzing and reporting particular invasion patterns or toolkits exploited, it also assists in preventing access to actual devices by simulating the genuine systems and applications functioning in the network thus delaying as well as baffling the invader. In order to analyze and evaluate the hackers' behavior, an ensemble of research honeypot detectors has been deployed in our work. This paper delivers a robust outline of the deployment of containerized honeypot deployment, as a direct consequence, these are portable, durable, and simple to deploy and administer. The instrumented approach was monitored and generated countless data points on which significant judgments about the malevolent users' activities and purpose could be inferred.

multidisciplinary sciences

Wael Ahmad AlZoubi,Maen T. Alrashdan

DOI: https://doi.org/10.5267/j.ijdns.2022.5.010

2022-01-01

International Journal of Data and Network Science

Abstract:For the development of technologies and networks that have been evolving and expanding day by day. In this generation, these facilities allow users to interact more efficiently. Safety is therefore very important to consider preserving the network and database and the need to detect a potential attack before an attack occurs. Network security has become the main issue, particularly in the industries, and there are many techniques to be used to protect network systems. One of them is called Honeypot, a software that is used to detect unauthorized misuse of information systems and to evaluate the actions and behavior of the attacker. Honeypot is, in other words, a trap for any attackers to log in to the network. If the behavior of these attackers is detected, the information will be used to improve network security. Using Honeypot does not cause attackers to notice they are being detected. This research is primarily focused on Honeypot, which is a ground-breaking new technology that has the potential to provide security communities with protection and how it is important for its use to enhance the network security framework.

J Manikandan,U. Srilakshmi

DOI: https://doi.org/10.5750/ijme.v1i1.1393

2024-07-27

Abstract:Virtualization is a critical technology that enables users to leverage the vast resources available within datacenters. Despite its numerous benefits, such as on-demand scalability, continuous availability, and cost efficiency, virtualization is susceptible to various security challenges, including intrusion, data compromise, and session hijacking. To address these threats, this study presents an innovative approach based on deep learning for detecting attacks and proactively isolating virtual machines (VMs) to mitigate their impact. The event sequences of VMs are transformed into event images using advanced techniques Integrated Gramian Markov Plot (IGMP). The proposed IGMP model comprises of the Gramian model with Markov estimate. The model uses the recurrence plot for the estimation of the IGMP in the virtualization process with the computation of data centers. Additionally, to improve the security IGMP model uses the aggregation signature generation model for the security features in the Virtual Machines. The proposed IGMP model uses the Deep learning models are then employed to extract meaningful features from these event images, which are subsequently classified into specific attack classes. Once an attack is predicted within the physical machine, the suspected VMs are immediately isolated to prevent further damage. Experimental results demonstrated that the high efficacy of the IGMP method, achieving an impressive attack prediction accuracy of 96%, surpassing existing approaches by at least 2%.

engineering, marine

Veronica Valeros,Maria Rigaki,Sebastian Garcia

2023-05-02

Abstract:Honeypots are a well-known and widely used technology in the cybersecurity community, where it is assumed that placing honeypots in different geographical locations provides better visibility and increases effectiveness. However, how geolocation affects the usefulness of honeypots is not well-studied, especially for threat intelligence as early warning systems. This paper examines attack patterns in a large public dataset of geographically distributed honeypots by answering methodological questions and creating behavioural profiles of attackers. Results show that the location of honeypots helps identify attack patterns and build profiles for the attackers. We conclude that not all the intelligence collected from geographically distributed honeypots is equally valuable and that a good early warning system against resourceful attackers may be built with only two distributed honeypots and a production server.

Cryptography and Security,Networking and Internet Architecture

Xiaoyan Sun,Yang Wang,Jie Ren,Yuefei Zhu,Shengli Liu

DOI: https://doi.org/10.1109/ICYCS.2008.257

2008-01-01

Abstract:With the improvement of software security, attacks based on RPC vulnerabilities declined, however, attacks based on client application software vulnerabilities have increased. Such client application software includes Web browsers, email client and office. The spread of malware using these software vulnerabilities has become a severe threat to todaypsilas Internet. In allusion to this kind of threat, this paper designed an Internet malware collecting system based on client-side honeypot. This system can not only collect malware but also detect malicious Web site. It uses a unique network crawler based on client-side attack techniques to collect source of URL, and it collects URL and attachments from emails, then it creates software processes to open URL or files, and uses a device-drive monitor to detect malicious behaviors. It gives an alarm and locates the malicious file, and sends the malware coming through the Internet to the collecting server. We introduce the design and implement of this system and give the results.

Weizhe Zhang,Bin Zhang,Ying Zhou,Hui He,Zeyu Ding

DOI: https://doi.org/10.1109/jiot.2019.2956173

IF: 10.6

2020-05-01

IEEE Internet of Things Journal

Abstract:Internet of Things (IoT) devices are vulnerable against attacks because of their limited network resources and complex operating systems. Thus, a honeypot is a good method of capturing malicious requests and collecting malicious samples but is rarely used on the IoT. Accordingly, this article implements three kinds of honeypots to capture malicious behaviors. First, on the basis of the CVE-2017–17215 vulnerability, we implement a medium-high interaction honeypot that can simulate a specific series of router UPnP services. It has functions, such as service simulation, log recording, malicious sample download, and service self-check. Second, given the limited details available for the simulated UPnP service and to help the honeypot respond to unrecognizable malicious requests, we use the actual IoT device firmware that matches the vulnerability to build a high-interaction honeypot. In addition, we investigate the most exposed SOAP service ports and design corresponding multiport honeypot to improve the capacity of the honeynet, providing a hybrid service from a real device and simulating honeypots. The Docker in the honeynet, which reduces the volume of the honeypot and realizes the rapid deployment of the honeynet, encapsulates all these honeypots. Moreover, the honeynet control center is simultaneously designed to distribute commands and transfer files to each physical node in the honeynet. We implemented the proposed honeynet system and deployed it in practice. We have successfully caught many unknown malicious attacks excluded in the VT, which proved the effectiveness of the proposed framework.

computer science, information systems,telecommunications,engineering, electrical & electronic

Armin Ziaie Tabari,Xinming Ou,Anoop Singhal

DOI: https://doi.org/10.48550/arXiv.2112.10974

2021-12-21

Abstract:The growing number of Internet of Things (IoT) devices makes it imperative to be aware of the real-world threats they face in terms of cybersecurity. While honeypots have been historically used as decoy devices to help researchers/organizations gain a better understanding of the dynamic of threats on a network and their impact, IoT devices pose a unique challenge for this purpose due to the variety of devices and their physical connections. In this work, by observing real-world attackers' behavior in a low-interaction honeypot ecosystem, we (1) presented a new approach to creating a multi-phased, multi-faceted honeypot ecosystem, which gradually increases the sophistication of honeypots' interactions with adversaries, (2) designed and developed a low-interaction honeypot for cameras that allowed researchers to gain a deeper understanding of what attackers are targeting, and (3) devised an innovative data analytics method to identify the goals of adversaries. Our honeypots have been active for over three years. We were able to collect increasingly sophisticated attack data in each phase. Furthermore, our data analytics points to the fact that the vast majority of attack activities captured in the honeypots share significant similarity, and can be clustered and grouped to better understand the goals, patterns, and trends of IoT attacks in the wild.

Cryptography and Security,Machine Learning

Francesco Gadaleta,Raoul Strackx,Nick Nikiforakis,Frank Piessens,Wouter Joosen

DOI: https://doi.org/10.48550/arXiv.1405.6058

2014-05-22

Abstract:Protecting commodity operating systems and applications against malware and targeted attacks has proven to be difficult. In recent years, virtualization has received attention from security researchers who utilize it to harden existing systems and provide strong security guarantees. This has lead to interesting use cases such as cloud computing where possibly sensitive data is processed on remote, third party systems. The migration and processing of data in remote servers, poses new technical and legal questions, such as which security measures should be taken to protect this data or how can it be proven that execution of code wasn't tampered with. In this paper we focus on technological aspects. We discuss the various possibilities of security within the virtualization layer and we use as a case study \HelloRootkitty{}, a lightweight invariance-enforcing framework which allows an operating system to recover from kernel-level attacks. In addition to \HelloRootkitty{}, we also explore the use of special hardware chips as a way of further protecting and guaranteeing the integrity of a virtualized system.

Cryptography and Security