Abstract
For the past two decades, the menace of attackers over the network has been unstoppable. Security practitioners and researchers are devising mechanisms to safeguard the network and its components, yet attackers keep emerging with cutting-edge technologies to disrupt the intended activities of legitimate users in the network. Thus, before devising proper defensive mechanisms against a specific attack, it is essential to understand the motives and strategies of the attackers clearly. This paper presents a virtual honeynet framework that records all of the attackers’ activities and analyzes the strategies, tools, and mechanisms followed by the attacker in real time. We analyzed the attacks recorded in our framework with respect to different parameters, such as protocol, ports, honeypots, and IDPS tools, to understand the motive behind the attacks. This novel virtual honeynet architecture gives readers and security practitioners insight into the strategies followed by attackers, as well as into ways of designing different traps to secretly follow the attackers, on the road toward foolproof safeguarding mechanisms.
Copyright information
© 2020 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Ganesarathinam, R., Prabakar, M.A., Singaravelu, M., Fernandez, A.L. (2020). A Detailed Analysis of Intruders’ Activities in the Network Through the Real-Time Virtual Honeynet Experimentation. In: Dash, S., Lakshmi, C., Das, S., Panigrahi, B. (eds) Artificial Intelligence and Evolutionary Computations in Engineering Systems. Advances in Intelligent Systems and Computing, vol 1056. Springer, Singapore. https://doi.org/10.1007/978-981-15-0199-9_4
DOI: https://doi.org/10.1007/978-981-15-0199-9_4
Publisher Name: Springer, Singapore
Print ISBN: 978-981-15-0198-2
Online ISBN: 978-981-15-0199-9
eBook Packages: Intelligent Technologies and Robotics (R0)