An adaptive honeypot using Q-Learning with severity analyzer

  • Original Research
Journal of Ambient Intelligence and Humanized Computing

Abstract

This paper presents a honeypot system that conducts a severity analysis of the adversaries who attack it. Honeypot systems are deployed by various organizations to protect their real systems from external threats. They consist of fake file systems that remain aloof from the attackers. Honeypots gather logs of the attacks to protect the genuine systems from attackers. However, attackers also deploy honeypot detection tools. To defer detection by attackers, Q-learning has been implemented on an SSH-based honeypot named Cowrie to make it adaptive and to obtain as much information as possible about the intruder. Severity analysis has been implemented to classify attacks based on their severity. This can be used by real systems to enhance their firewalls, intrusion detection systems, and other security mechanisms against these threats.

Author information

Corresponding author

Correspondence to Shraddha Suratkar.

About this article

Cite this article

Suratkar, S., Shah, K., Sood, A. et al. An adaptive honeypot using Q-Learning with severity analyzer. J Ambient Intell Human Comput 13, 4865–4876 (2022). https://doi.org/10.1007/s12652-021-03229-2

  • DOI: https://doi.org/10.1007/s12652-021-03229-2
