Learning Probe Attack Patterns with Honeypots

  • Kanchan Shendre
  • Santosh Kumar Sahu
  • Ratnakar Dash
  • Sanjay Kumar Jena
Conference paper
Part of the Smart Innovation, Systems and Technologies book series (SIST, volume 44)

Abstract

The rapid growth of the Internet and Internet-based applications has increased the number of attacks on networks. The way an attack is carried out differs from one attacker to another. The sequence of an attack, or the signature of an attacker, should be stored, analyzed and used to generate rules for mitigating future attack attempts. In this paper, we have deployed a honeypot to record the activities of the attacker. While the attacker prepares for an attack, the IDS redirects him to the honeypot. We make the attacker believe that he is working with the actual system. The honeypot records the activities related to the attack by interacting with the intruder. The network administrator analyzes the recorded activities and updates the rule database. As a result, we improve the detection accuracy and security of the system using the honeypot, without any loss or damage to the original system.

Keywords

Honeypot, Virtual honeypot, Intrusion detection system, Honeyd


Copyright information

© Springer India 2016

Authors and Affiliations

  • Kanchan Shendre (1)
  • Santosh Kumar Sahu (1)
  • Ratnakar Dash (1)
  • Sanjay Kumar Jena (1)
  1. National Institute of Technology, Rourkela, India
