Funding: National Natural Science Foundation of China under Grant No. 60973141; the Foundation of Excellent Young Scientist of Shandong Province under Grant No. BS2009DX019; the Fundamental Research Funds for the Central Universities under Grant No. 27R0907018A.
Abstract: The traditional honeypot is in fact a "passive proactive" defense mechanism because it may lose its value entirely once the adversary has detected the existence of the static trap and bypassed it. Our work focuses on a Self-Election dynamic honeypot framework which aims to bewilder attackers by coordinating and switching roles periodically to form a huge dynamic puzzle. In this paper, we discuss the UDP Spokesman synchronization scheme and the Self-Election coordination method, perform the framework simulation of the dynamic array honeypot with NS2, carry out the prototype implementation in Java, and then validate the effectiveness and feasibility on the simulation and prototype system. The promising results of applying this framework to mitigate the effects of attacks are shown and analyzed. Our work demonstrates that the Self-Election dynamic array honeypot system is feasible and effective for proactive network confrontation.
Funding: This work is supported by the Natural Science Foundation of Jiangsu Province (BK2004218, BK2003106) and the Pandeng Project of Nanjing University of Posts and Telecommunications.
Abstract: The honeypot is a recently developed computer security concept which uses active offense against attacks from hackers. It lures hackers to attack a seemingly vulnerable fake network where they can be well observed in order to learn about the tactics and tools used by the attackers, so that we may improve the system security accordingly later. In this paper, we propose a novel approach for the redirecting technique in a honeypot system. First, we briefly introduce the concepts of the honeypot system. Then we describe a redirection technique and an implementation algorithm. Finally, using the IDS Snort and the firewall IPTable, we set up a testing environment and give some simulation results. We also discuss some future research topics.
Abstract: Attacks on the cyber space are getting exponential in recent times. Illegal penetrations and breaches are real threats to individuals and organizations. Conventional security systems are good enough to detect the known threats, but when it comes to Advanced Persistent Threats (APTs) they fail. These APTs are targeted, more sophisticated and very persistent, and incorporate a lot of evasive techniques to bypass the existing defenses. Hence, there is a need for an effective defense system that can achieve a complete reliance of security. To address the above-mentioned issues, this paper proposes a novel honeypot system that tracks the anonymous behavior of the APT threats. The key idea of the honeypot leverages the concepts of graph theory to detect such targeted attacks. The proposed honeypot is self-realizing and strategic assisted; it withholds the APTs' actionable techniques and observes the behavior for analysis and modelling. The proposed graph theory based self learning honeypot using the results γ(C(n,1)), γc(C(n,1)), γsc(C(n,1)) outperforms traditional techniques by detecting APT behavior with a detection rate of 96%.
Funding: Basic Scientific Research program of China JCKY2020203C025 funding is involved in this study.
Abstract: A space called Unmanned Aerial Vehicle (UAV) cyber is a new environment where UAV, Ground Control Station (GCS) and business processes are integrated. Denial of service (DoS) attack is a standard network attack method, especially suitable for attacking the UAV cyber. It is a robust security risk for UAV cyber and has recently become an active research area. Game theory is typically used to simulate the existing offensive and defensive mechanisms for DoS attacks in a traditional network. In addition, the honeypot, an effective security vulnerability defense mechanism, has not been widely adopted or modeled for defense against DoS attacks on UAV cyber. With this motivation, the current research paper presents a honeypot game theory model that considers GCS and DoS attacks, which is used to study the interaction between attack and defense to optimize defense strategies. The GCS and honeypot act as defenses against DoS attacks in this model, and both players select their appropriate methods and build their benefit function models. On this basis, a hierarchical honeypot and G2A network delay reward strategy are introduced so that the defender and the attacker can adjust their respective strategies dynamically. Finally, by adjusting the degree of camouflage of the honeypot for UAV network services, the overall revenue of the defender can be effectively improved. The proposed method proves the existence of a mixed strategy Nash equilibrium and compares it with the existing research on no delay rewards and no honeypot defense scheme. In addition, this method realizes that the UAV cyber still guarantees a network delay of about ten milliseconds in the presence of a DoS attack. The results demonstrate that our methodology is superior to that of previous studies.
Abstract: Mitigating increasing cyberattack incidents may require strategies such as reinforcing organizations’ networks with Honeypots and effectively analyzing attack traffic for detection of zero-day attacks and vulnerabilities. To effectively detect and mitigate cyberattacks, both computerized and visual analyses are typically required. However, most security analysts are not adequately trained in visualization principles and/or methods, which are required for effective visual perception of useful attack information hidden in attack data. Additionally, Honeypot has proven useful in cyberattack research, but no studies have comprehensively investigated visualization practices in the field. In this paper, we reviewed visualization practices and methods commonly used in the discovery and communication of attack patterns based on Honeypot network traffic data. Using the PRISMA methodology, we identified and screened 218 papers and evaluated only 37 papers having a high impact. Most Honeypot papers conducted summary statistics of Honeypot data based on static data metrics such as IP address, port, and packet size. They visually analyzed Honeypot attack data using simple graphical methods (such as line, bar, and pie charts) that tend to hide useful attack information. Furthermore, only a few papers conducted extended attack analysis, and commonly visualized attack data using scatter and linear plots. Papers rarely included simple yet sophisticated graphical methods, such as box plots and histograms, which allow for critical evaluation of analysis results. While a significant number of automated visualization tools have incorporated visualization standards by default, the construction of effective and expressive graphical methods for easy pattern discovery and explainable insights still requires applied knowledge and skill of visualization principles and tools, and occasionally, an interdisciplinary collaboration with peers. We, therefore, suggest the need, going forward, for non-classical graphical methods for visualizing attack patterns and communicating analysis results. We also recommend training investigators in visualization principles and standards for effective visual perception and presentation.