Abstract
A honeypot records an attacker's behaviour and allows the attack methods to be analysed so that more intelligent protection policies can be developed for the system. Traditional honeypot technology has evolved from static configuration to dynamic deployment, which greatly reduces the chance of an attacker identifying the honeypot. However, most prior work still suffers from passive listening, high maintenance cost, weak controllability, low monitoring coverage and ease of identification. In this paper, using the T-Pot multi-platform honeypot together with Snort and OpenFlow, we propose redirecting attack traffic into the multi-platform honeypot to prevent further harm to the system. To reduce system load and improve system performance, feature extraction and modelling analysis are performed on the attack data set, and, based on the ATT&CK model, a multi-honeypot platform for APT attack recognition is implemented.
Acknowledgement
This paper analyses the development of honeypots and the advantages and disadvantages of current honeypot technology, and proposes a multi-honeypot platform based on Snort and OpenFlow as a general method for handling host intrusion. In combination with the Initial Access and Execution stages of the ATT&CK model, a response scheme is proposed. To reduce the system load, the TF-IDF algorithm is used to extract features from the traffic and perform modelling analysis.
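The abstract and the summary above both refer to TF-IDF feature extraction over the attack data set without showing the computation. The following is an added illustration, not code from the paper or from T-Pot: it tokenises a handful of constructed honeypot request lines (a made-up "source, request line" form), computes plain log(N/df) IDF weights (an assumed variant; the paper does not say which it uses) and turns each event into an L2-normalised sparse vector, so that tokens present in every event (GET, HTTP, 1.1) drop out and the distinctive path components remain as the features a model would consume.

```python
"""
TF-IDF feature extraction over honeypot request logs.

Added illustration (not the paper's code) of the feature-extraction step the
authors describe. The five log events below are constructed samples in an
assumed "source, request line" form; the tokenizer and the plain log(N/df)
IDF weighting are assumptions, since the paper does not state its variant.
"""
import math
import re
from collections import Counter

# Constructed honeypot events: (source address, captured request line).
SAMPLE_EVENTS = [
    ("203.0.113.5",  "GET /index.html HTTP/1.1"),
    ("203.0.113.5",  "GET /admin/login.php HTTP/1.1"),
    ("198.51.100.7", "GET /index.html HTTP/1.1"),
    ("198.51.100.7", "POST /cgi-bin/test.cgi HTTP/1.1"),
    ("192.0.2.9",    "GET /index.html HTTP/1.1"),
]

# Tokens are runs of path/header characters; "/" and whitespace split them.
TOKEN_RE = re.compile(r"[A-Za-z0-9_.-]+")


def tokenize(text):
    """Lower-cased tokens of one captured request line."""
    return [t.lower() for t in TOKEN_RE.findall(text)]


def inverse_document_frequency(docs):
    """Plain IDF = log(N / df): a token seen in every event weighs 0."""
    n = len(docs)
    df = Counter()
    for toks in docs:
        df.update(set(toks))          # count each token once per event
    return {t: math.log(n / d) for t, d in df.items()}


def tfidf_vector(toks, idf):
    """Sparse, L2-normalised TF-IDF vector for one tokenised event."""
    counts = Counter(toks)
    raw = {t: (c / len(toks)) * idf[t] for t, c in counts.items()}
    norm = math.sqrt(sum(v * v for v in raw.values()))
    return {t: v / norm for t, v in raw.items()} if norm else raw


def cosine(a, b):
    """Cosine similarity of two sparse vectors (dict token -> weight)."""
    dot = sum(w * b.get(t, 0.0) for t, w in a.items())
    na = math.sqrt(sum(w * w for w in a.values()))
    nb = math.sqrt(sum(w * w for w in b.values()))
    return dot / (na * nb) if na and nb else 0.0


def top_features(vec, k):
    """The k highest-weighted tokens: what made this event distinctive."""
    return [t for t, _ in sorted(vec.items(), key=lambda kv: -kv[1])[:k]]


DOCS = [tokenize(req) for _, req in SAMPLE_EVENTS]
IDF = inverse_document_frequency(DOCS)
VECTORS = [tfidf_vector(d, IDF) for d in DOCS]

if __name__ == "__main__":
    for (src, req), vec in zip(SAMPLE_EVENTS, VECTORS):
        print(f"{src:14} {req:32} top features: {top_features(vec, 2)}")
    # Events sharing only ubiquitous tokens (GET, HTTP, 1.1) end up far apart.
    print("cos(event0, event2) =", round(cosine(VECTORS[0], VECTORS[2]), 3))
    print("cos(event0, event1) =", round(cosine(VECTORS[0], VECTORS[1]), 3))
```

On this sample the three plain `/index.html` requests collapse onto the same vector, while the `/admin/login.php` and `/cgi-bin/test.cgi` probes are carried almost entirely by their rare path tokens; that is the load reduction the paper is after, since a model only has to look at the weights that survive, not the raw request text.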
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
Cite this paper
Dai, B., Zhang, Z., Wang, L., Liu, Y. (2022). APT Attack Heuristic Induction Honeypot Platform Based on Snort and OpenFlow. In: Qiu, M., Gai, K., Qiu, H. (eds) Smart Computing and Communication. SmartCom 2021. Lecture Notes in Computer Science, vol 13202. Springer, Cham. https://doi.org/10.1007/978-3-030-97774-0_31
DOI: https://doi.org/10.1007/978-3-030-97774-0_31
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-97773-3
Online ISBN: 978-3-030-97774-0
eBook Packages: Computer Science (R0)