ABSTRACT
Firewall technology has been widely used to improve network security. However, although it can detect several types of attacks, it has not been able to detect malicious traffic inside an organization. Due to this limitation of firewall technology in improving network security, in this paper we discuss honeypot technology, focusing on malicious traffic inside an organization. We propose a model based on the collaboration of virtual honeyd and virtual honeynets, with the addition of a different honeypot-based IDS, to improve the design of the existing security architecture. We also show how our model (three-in-one) extends and improves the concept compared to existing approaches and designs.
Index Terms
- Improving network security and design using honeypots