Skip to main content
SpringerLink
Log in

SWIM: An Effective Method to Perceive Cyberspace Situation from Honeynet

  • Research Article - Computer Engineering and Computer Science
  • Published:
Arabian Journal for Science and Engineering Aims and scope Submit manuscript

Abstract

As a traditional and impactful proactive defense technology, honeynet is used by network defender to imitate normal production process, which traps and captures the behavior of attackers in order to analyze the methods and tools, and also to forecast the attacking intention and situation. However, the data obtained from honeynet usually have problems such as multiple types, high redundancy and low semantics level, which make it difficult to indicate network security situation directly. Through studying biological immune mechanism, a honeynet security warning model based on Danger Theory (an “SWIM”) is proposed. By utilizing the dendritic cell algorithm, this article discusses in detail the definition and mapping for input signals, capture of honeynet antigens, fundamental analysis for output signals, as well as the security early warning. The simulation results show that, in the face of typical network attacks, SWIM accurately reflects the attacking strength, which is capable of implementing the efficient network early warning.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Spitzner, L.: The honeynet project: trapping the hackers. IEEE Secur. Priv. 1(2), 15–23 (2003)

    Article  Google Scholar 

  2. Olagunju A.O.; Samu F.: In search of effective honeypot and honeynet systems for real-time intrusion detection and prevention. In: Proceedings of the 5th Annual Conference on Research in Information Technology. Boston, pp. 41–46 (2016)

  3. Thonnarda, O.; Dacierb, M.: A framework for attack patterns’ discovery in honeynet data. Digital Investig. 5, 128–139 (2008)

    Article  Google Scholar 

  4. Kaur, R.; Nagpal, E.S.; Chamotra, S.: Malicious traffic detection in a private organizational network using honeynet system. In: 2015 Annual IEEE India Conference (INDICON), 176–182. IEEE Press, New York (2015)

  5. Jiang, C.B.; Liu, I.; Chung, Y.N.: Novel intrusion prediction mechanism based on honeypot log similarity. Int. J. Netw. Manag. 26(3), 156–175 (2016)

    Article  Google Scholar 

  6. Pan, X.; Yegneswaran. V.; Chen Y.; et. al.: HogMap: using sdns to incentivize collaborative security monitoring. In: 2016 ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization, pp. 7-12. ACM Press (2016)

  7. Barford, P.; Chen, Y.; Goyal, A.; et al.: Employing honeynets for network situational awareness. Adv. Inf. Secur. 46, 71–102 (2010)

    Article  Google Scholar 

  8. Pham, V.; Dacier, M.: Honeypot trace forensics: the observation viewpoint matters. Future Gener. Comput. Syst. 27(5), 539–546 (2011)

    Article  Google Scholar 

  9. Polly, M.: The danger model: a renewed sense of self. Science 296(12), 301–305 (2002)

    Google Scholar 

  10. Seresht, N.A.; Azmi, R.: MAIS-IDS: a distributed intrusion detection system using multi-agent AIS approach. Eng. Appl. Artif. Intell. 35(10), 286–298 (2014)

    Article  Google Scholar 

  11. Oliveira, D.; Navarro, J.; Wetzel, N.; Bucci, M.: Ianus: secure and holistic coexistence with kernel extensions—an immune system-inspired approach. In: Proceedings of the 29th Annual ACM Symposium on Applied Computing, pp. 1672–1679 (2014)

  12. John C.; Hala E.: Malware detection inspired by the human immune system and making use of honeytokens. In: Proceedings of the 18th Symposium on Communications & Networking, pp. 37–43 (2015)

  13. Sun, F.X.: Artificial immune danger theory based model for network security evaluation. J. Netw. 6(2), 255–262 (2011)

  14. Fan, W.; Fernández, D.; Du, Z.: Versatile virtual honeynet management framework. IET Inf. Secur. 11(1), 38–45 (2017)

    Article  Google Scholar 

  15. Han, W.; Zhao, Z.; Doupé, A.; Ahn, G.: HoneyMix: Toward SDN-based Intelligent Honeynet. In: Proceedings of the 2016 ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization. ACM Press (2016)

  16. Nurmi, J.; Kannisto, J.; Vajaranta, M.: Observing hidden service directory spying with a private hidden service honeynet. In: 2016 11th Asia Joint Conference on Information Security (AsiaJCIS), pp. 55–59 (2016)

  17. Greensmith, J.; Aickelin, U.; Cayzer, S.: Introducing Dendritic Cells as a Novel Immune-Inspired Algorithm for Anomaly Detection. In: 4th International Conference on Artificial Immune Systems, pp. 15–167. Springer-Verlag (2010)

  18. Lokesh, M.R.; Kumaraswamy, Y.S.: State awareness towards resiliency in cyber-physical system: a modified danger theory based deterministic Dendritic Cell Algorithm approach. In: Proceedings of IEEE International Conference on Computer Graphics, Vision and Information Security, pp. 201–208 (2015)

  19. Wang, Y.; Wang, Z.; Zhang, L.; et al.: Situation assessment model for inter-domain routing system. IET Softw. 8, 53–61 (2013)

    Article  Google Scholar 

  20. Suhair, A.; Joshua, L.: Danger theory concepts improving malware detection of intrusion detection systems that uses exact graphs. In: International Conference on Computational Science and Computational Intelligence (CSCI), pp. 232–237 (2015)

  21. Mihai-Gabriel, I.; Victor-Valeriu, P.: Achieving DDoS resiliency in a software defined network by intelligent risk assessment based on neural networks and danger theory. In: 2014 IEEE 15th International Symposium on Computational Intelligence and Informatics (CINTI), pp. 319–324 (2014)

  22. Aickelin, U.; Bentley, P.; Cayzer, S.; Kim, J.; McLeod, J.: Danger theory: the link between AIS and IDS? In: Proceedings ICARIS-2003, 2nd International Conference on Artificial Immune Systems, pp. 147–155 (2003)

  23. Williams, C.A.; Harry, R.A.; Mcleod, J.D.: Apoptotic cells induce dendritic cell-mediated suppression via interferon-Y-induced IDO[J]. Immunology 124(1), 89–101 (2008)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. College of Computer Science, Henan University of Engineering, Zhengzhou, China

    Yu Wang & Tianqiang Peng

  2. Institute for Network Science and Cyberspace, Tsinghua University, Beijing, China

    Yi Guo

  3. State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou, China

    Liancheng Zhang

Authors
  1. Yu Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Yi Guo
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Liancheng Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Tianqiang Peng
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Yu Wang.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Wang, Y., Guo, Y., Zhang, L. et al. SWIM: An Effective Method to Perceive Cyberspace Situation from Honeynet. Arab J Sci Eng 43, 6863–6872 (2018). https://doi.org/10.1007/s13369-017-2904-5

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s13369-017-2904-5

Keywords

Search

Navigation