Automatic Identification of Honeypot Server Using Machine Learning Techniques

Huang, Cheng; Han, Jiaxuan; Zhang, Xing; Liu, Jiayong

doi:10.1155/2019/2627608

Cited by 19 publications

(16 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…One of the most common AI detection solutions used in the literature is AI techniques. Many AI techniques involving machine learning (ML) and deep learning (DL) that have been proposed by various researchers are either network-centric [1,3,6,7,79,[82][83][84][90][91][92][93]103,107,[111][112][113]116,118,121,125,130,131,[133][134][135][136][137][139][140][141][142][143][144][145][146][147][148][149][150][151][152], device behavior-centric [105,109,138], application-centric [5,86,110,…”

Section: Rq2: What Are the Proposed Defensive Mechanisms Available To...mentioning

confidence: 99%

Exploration of Mobile Device Behavior for Mitigating Advanced Persistent Threats (APT): A Systematic Literature Review and Conceptual Framework

Jabar

Singh

2022

Sensors

View full text Add to dashboard Cite

During the last several years, the Internet of Things (IoT), fog computing, computer security, and cyber-attacks have all grown rapidly on a large scale. Examples of IoT include mobile devices such as tablets and smartphones. Attacks can take place that impact the confidentiality, integrity, and availability (CIA) of the information. One attack that occurs is Advanced Persistent Threat (APT). Attackers can manipulate a device’s behavior, applications, and services. Such manipulations lead to signification of a deviation from a known behavioral baseline for smartphones. In this study, the authors present a Systematic Literature Review (SLR) to provide a survey of the existing literature on APT defense mechanisms, find research gaps, and recommend future directions. The scope of this SLR covers a detailed analysis of most cybersecurity defense mechanisms and cutting-edge solutions. In this research, 112 papers published from 2011 until 2022 were analyzed. This review has explored different approaches used in cybersecurity and their effectiveness in defending against APT attacks. In a conclusion, we recommended a Situational Awareness (SA) model known as Observe–Orient–Decide–Act (OODA) to provide a comprehensive solution to monitor the device’s behavior for APT mitigation.

show abstract

Section: Rq2: What Are the Proposed Defensive Mechanisms Available To...mentioning

confidence: 99%

Exploration of Mobile Device Behavior for Mitigating Advanced Persistent Threats (APT): A Systematic Literature Review and Conceptual Framework

Jabar

Singh

2022

Sensors

View full text Add to dashboard Cite

show abstract

“…El Kamel et al [20] proposed an algorithm based on the idea of machine learning clustering to identify the attacker in the trapping point and the result used for the configuration of the later defense strategy. Huang et al [21] introduced a honeypot mechanism that could not be recognized by attackers based on a random forest algorithm. SMDP [22] proposes applying the Markov decision process method to attack trapping, transforms the continuous-time process into an equivalent discrete decision model, uses reinforcement learning to train the model, and finally gets the optimal strategy.…”

Section: Related Workmentioning

confidence: 99%

A Multiphase Dynamic Deployment Mechanism of Virtualized Honeypots Based on Intelligent Attack Path Prediction

Gao

Zhang

Xing

2021

Security and Communication Networks

View full text Add to dashboard Cite

As an important deception defense method, a honeypot can be used to enhance the network’s active defense capability effectively. However, the existing rigid deployment method makes it difficult to deal with the uncertain strategic attack behaviors of the attackers. To solve such a problem, we propose a multiphase dynamic deployment mechanism of virtualized honeypots (MD2VH) based on the intelligent attack path prediction method. MD2VH depicts the attack and defense characteristics of both attackers and defenders through the Bayesian state attack graph, establishes a multiphase dynamic deployment optimization model of the virtualized honeypots based on the extended Markov’s decision-making process, and generates the deployment strategies dynamically by combining the online and offline reinforcement learning methods. Besides, we also implement a prototype system based on software-defined network and virtualization container, so as to evaluate the effectiveness of MD2VH. Experiments results show that the capture rate of MD2VH is maintained at about 90% in the case of both simple topology and complex topology. Compared with the simple intelligent deployment strategy, such a metric is increased by 20% to 60%, and the result is more stable under different types of the attacker’s strategy.

show abstract

“…In addition, Zamiri et al detect GasPot [46], an ATG-based ICS honeypot through probes designed to fetch information about the default configuration and limited emulation of the protocols [47]. [22]. The method follows a recursive probing process to obtain featured data for classification.…”

Section: Related Workmentioning

confidence: 99%

Gotta catch 'em all: a Multistage Framework for honeypot fingerprinting

Srinivasa¹,

Pedersen²,

Vasilomanolakis³

2021

Preprint

View full text Add to dashboard Cite

Honeypots are decoy systems that lure attackers by presenting them with a seemingly vulnerable system. They provide an early detection mechanism as well as a method for learning how adversaries work and think. However, over the last years a number of researchers have shown methods for fingerprinting honeypots. This significantly decreases the value of a honeypot; if an attacker is able to recognize the existence of such a system, they can evade it. In this article, we revisit the honeypot identification field, by providing a holistic framework that includes state of the art and novel fingerprinting components. We decrease the probability of false positives by proposing a rigid multi-step approach for labeling a system as a honeypot. We perform extensive scans covering 2.9 billion addresses of the IPv4 space and identify a total of 21, 855 honeypot instances. Moreover, we present a number of interesting side-findings such as the identification of more than 354, 431 non-honeypot systems that represent potentially vulnerable servers (e.g. SSH servers with default password configurations and vulnerable versions). Lastly, we discuss countermeasures against honeypot fingerprinting techniques.

show abstract

Automatic Identification of Honeypot Server Using Machine Learning Techniques

Cited by 19 publications

References 29 publications

Exploration of Mobile Device Behavior for Mitigating Advanced Persistent Threats (APT): A Systematic Literature Review and Conceptual Framework

Exploration of Mobile Device Behavior for Mitigating Advanced Persistent Threats (APT): A Systematic Literature Review and Conceptual Framework

A Multiphase Dynamic Deployment Mechanism of Virtualized Honeypots Based on Intelligent Attack Path Prediction

Gotta catch 'em all: a Multistage Framework for honeypot fingerprinting

Contact Info

Product

Resources

About