research-article

Improving network security and design using honeypots

Authors:
Ritu Tiwari

Graphic Era University, Dehradun, Uttrakhand

Graphic Era University, Dehradun, Uttrakhand
View Profile

,
Abhishek Jain

Graphic Era University, Dehradun, Uttrakhand

Graphic Era University, Dehradun, Uttrakhand
View Profile

CUBE '12: Proceedings of the CUBE International Information Technology ConferenceSeptember 2012Pages 847–852https://doi.org/10.1145/2381716.2381875

Published:03 September 2012Publication History

CUBE '12: Proceedings of the CUBE International Information Technology Conference

Pages 847–852

ABSTRACT

Firewall technology has been widely used for to improve network security. However, it can detect several- types of attacks, it has not been able to detect malicious traffic inside an organization. Due to this limitation of the firewall technology in improving network security, in this paper we discuss the honeypot technology focusing on malicious traffic inside an organization. We propose a model based on collaboration of the virtual honeyd, and virtual honeynets, with the addition of a different honeypots based IDS, to improve the design of the existing security architecture. We also show how our model (three-in-one) extends and improves the concept, compared to the existing approaches and designs.

References

Y. Yang, H. Yang, and J. Mi, Design of Distributed Honeypot System Based on Intrusion Tracking, IEEE. Communication Software and Networks (ICCSN), 2011 IEEE 3rd International Conference. Xi'an, China..Google Scholar
L. Li, H. Sun, and Z. Zhang, The Research and Design of Honeypot System Applied in the LAN Security, IEEE. Software Engineering and Service Science (ICSESS), 2011 IEEE 2nd International Conference. Beijing, China.Google Scholar
J. C. Chang & Y. Lang, Design of virtual honeynet collaboration in existing security research network, IEEE. Communications and Information Technologies (ISCIT), 2010 international symposium. Tokyo, Japan.Google Scholar
H. Liu, D. Zhang, G. Wei, and J. Zhong, Detecting Malicious Rootkit Web Pages in High-interaction Client Honeypots, IEEE. Information Theory and Information Security (ICITIS), 2010 IEEE International Conference. Beijing, China.Google Scholar
L. Zhang, Honeypot based Defense System Research and Design, IEEE, Computer Science and Information Technology (ICCSIT), 2009 2nd IEEE International Conference. Beijing, China.Google Scholar
L. K. Yan, Virtual Honeynets Revisited, IEEE. Information Assurance Workshop, 2005. IAW '05. Proceedings from the Sixth Annual IEEE SMC.Google Scholar
M. Cukier, and S. Panjwani, A Comparison between Internal and External Malicious Traffic, IEEE. Software Reliability, 2007. ISSRE '07. The 18th IEEE International Symposium. Trollhattan, Sweden. Google ScholarDigital Library
R. Baumman, Honeyd- a low involvement honeypot in action. 2005. GCIA Practical.Google Scholar
R. Chandran, and S. Pakala, Simulating networks with honeyd. 2006.Google Scholar
M. T. Qassrawi, and H. Zhang, Client Honeypots-Approaches and challenges. New Trends in Information Science and Service Science (NISS), 2010 4th International Conference. Gyeongju, South Korea.Google Scholar
M. M. Z. E. Mohammaed, and H. A. Chan, Polymorphic worm detection using double honeynet. Software Engineering Advances, 2009. ICSEA '09. 4th International Conference. Porto, Portugal. Google ScholarDigital Library
K-H. Yeung, D. Fung, and K-Y. Wong, "Tools to attacking layer 2 network infrastructure", 2008, Proceedings of the International Multi Conference of Engineers and Computer Scientists 2008 Vol II, IMECS 2008, 19--21 March, 2008, Hong KongGoogle Scholar
J. Oberheide, and M. Karir. Honeyd detection via packet fragmentation. 2010. Networking Research and Development. Merit Network Inc.Google Scholar
D. Stirling, Enhancing Client Honeypots with Grid Services and Overflows, Master of Science Thesis, Victoria University of Wellington, 2010.Google Scholar
Know Your Enemy: Learning about Security Threats, Addison Wesley 2^nd ed., 2004.Google Scholar
P. Wang, L. Wu, R. Cunningham, and C. C. Zou, Honeypot detection in advanced botnet attacks. International Journal of Information and Computer Security (Vol 4, No.1/2010), 2004. Inderscience Publishers. Google ScholarDigital Library
X. Fu, B. Graham, D. Cheng, R. Bettati, and W. Zhao, Comouflaging Virtual honeypots. 2005.Google Scholar
Y. Yang, h. Yang, J. Mi, Design of distributed honeypot based on intrusion tracking, 2011 IEEE 3rd International Conference on Communication Software and Networks (ICCSN), pp. 196--198, 27--29 May 2011.Google ScholarCross Ref
E. E. Frederick, Testing a Low-Interaction Honeypot against Live Cyber Attackers, Amazon, 2011.Google Scholar
J. Awad, and A. Derdmezis, Implementation of a high interaction honeynet testbed for educational and research purposes. 2005. URL: http://www.aitdspace.gr/xmlui/handle/123456789/245 (4th March, 2012)Google Scholar
The Honeynet Project: Know Your Enemy: Learning About Security Threats, 2nd ed. Boston: Addison-Wesley, 2004, The Honeynet Project & Research Alliance: Know Your Enemy:Honeywall CDROM.Google Scholar
L. Spitzner, Honeypots Tracking Hackers, Addison-Wesley Professional, 2003. Google ScholarDigital Library
R. Russell, J. C. Foster, J. Posluns, and B. Caswell, Snort 2.0 intrusion Detection. 2004.Google Scholar
Hayati, P. & Potdar, V., 2009. Toward Spam 2.0: An Evaluation of Web 2.0 Anti-Spam Methods. In 7th IEEE International Conference on Industrial Informatics. Cardiff, Wales.Google Scholar
P. Hayati, V. Potdar, S. Sarenche, N. Firuzeh, E. A. Yeganeh, and A. Talevski, "Definition of Spam 2.0," in IEEE International Conference on Digital Ecosystems and Technologies (DEST 2010), Dubai, UAE, 2010.Google Scholar
P. Hayati, K. Chai, V. Potdar, and A. Talevski, "HoneySpam 2.0: Profiling Web Spambot Behaviour," in 12th International Conference on Principles of Practise in Multi-Agent Systems, Nagoya, Japan, 2009, pp. 335--344. Google ScholarDigital Library
P. Hayati and V. Potdar, "Spammer and Hacker, Two Old Friends," in 3rd IEEE International Conference on Digital Ecosystems and Technologies (IEEE-DEST 2009) Istanbul, Turkey, 2009.Google Scholar
P. Hayati, V. Potdar, K. Chai, and A. Talevski, "Web Spambot Detection Based on Web Navigation Behaviour," in 24th IEEE International Conference on Advanced Information Networking and Applications (AINA 2010), Perth, Western Australia, 2010. Google ScholarDigital Library
P. Hayati, K. Chai, A. Talevski, and V. Potdar, "Behaviour-Based Web Spambot Detection by Utilising Action Time and Action Frequency," in The 2010 International Conference on Computational Science and Applications (ICCSA 2010), Fukuoka, Japan, 2010. Google ScholarDigital Library
P. Hayati, V. Potdar, A. Talevski, and K. Chai, "Web Spambot Characterising using Self Organising Maps," International Journal of Computer Systems Science and Engineering), 2010.Google Scholar
P. Hayati, V. Potdar, W. F. Smyth, and A. Talevski, "Rule-Based Web Spambot Detection Using Action Strings," in The Seventh Annual Collaboration, Electronic messaging, Anti-Abuse and Spam Conference (CEAS 2010), Redmond, Washington, 2010.Google Scholar
Ridzuan, F., Potdar, V., and Talevski, T., 2010. Factors involved in estimating cost of Email Spam. In: International Conference on Computational Science and Its Applications (ICCSA 2010). Fukuoka, Japan, March 23--26 Google ScholarDigital Library
F. Ridzuan, V. Potdar, and A. Talevski, "Key Parameters in Identifying Cost of Spam 2.0," in 24th IEEE International Conference on Advanced Information Networking and Applications (AINA 2010), Perth, Western Australia, 2010. Google ScholarDigital Library
Ridzuan, F., Potdar, V. & Singh, J., 2011. Storage Cost of Spam 2.0 in a Web Discussion Forum. In ACM International Conference Proceedings Series. 8th Annual Collaboration, Electronic messaging, Anti-Abuse and Spam Conference (CEAS 2011). Perth, Western Australia. Google ScholarDigital Library

Index Terms

Improving network security and design using honeypots
1. Security and privacy
  1. Network security

Recommendations

In Search of Effective Honeypot and Honeynet Systems for Real-Time Intrusion Detection and Prevention
RIIT '16: Proceedings of the 5th Annual Conference on Research in Information Technology

A honeypot is a deception tool for enticing attackers to make efforts to compromise the electronic information systems of an organization. A honeypot can serve as an advanced security surveillance tool for use in minimizing the risks of attacks on ...
Read More
Honeypot in network security: a survey
ICCCS '11: Proceedings of the 2011 International Conference on Communication, Computing & Security

In this paper we review the recent advances in honeypot. Some notable proposals and there analysis have been discussed. The aspects of using honeypot in education and in hybrid environment with IDS have been explained. In this paper we also defines the ...
Read More
Design of network security projects using honeypots

Honeypots are closely monitored decoys that are employed in a network to study the trail of hackers and to alert network administrators of a possible intrusion. Using honeypots provides a cost-effective solution to increase the security posture of an ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
CUBE '12: Proceedings of the CUBE International Information Technology Conference
September 2012
879 pages
ISBN:9781450311854
DOI:10.1145/2381716
General Chair:
Vidyasagar Potdar
Curtin University, Australia
,
Program Chair:
Debajyoti Mukhopadhyay
Maharashtra Institute of Technology, India
Copyright © 2012 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 3 September 2012
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
HIHAT
honeynet
honeypot
sebek
snort
Qualifiers
- research-article
Conference
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 8
  Total Citations
  View Citations
- 914
  Total Downloads
- Downloads (Last 12 months)12
- Downloads (Last 6 weeks)1
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Improving network security and design using honeypots

CUBE '12: Proceedings of the CUBE International Information Technology Conference

ABSTRACT

References

Cited By

Index Terms

Recommendations

In Search of Effective Honeypot and Honeynet Systems for Real-Time Intrusion Detection and Prevention

Honeypot in network security: a survey

Design of network security projects using honeypots