A New Framework of Honeypots Network Security Using Linear Regression Decision Algorithm

Full Text (PDF, 662KB), PP.23-31


Author(s)

Avijit Mondal 1,*, Radha Tamal Goswami 2, Soumita Sen 3

1. Department of Computer Science and Engineering, Techno International New Town, Kolkata

2. Techno International New Town, Kolkata, West Bengal, India

3. Department of Computer Science and Engineering, Techno International Batanagar, Kolkata

* Corresponding author.

DOI: https://doi.org/10.5815/ijwmt.2023.06.03

Received: 17 Jun. 2023 / Revised: 2 Aug. 2023 / Accepted: 16 Sep. 2023 / Published: 8 Dec. 2023

Index Terms

Honeypots, Linear Regression, application-layer feature, network-layer feature

Abstract

The expansion of the Internet and shared networks contributes to the growth of records generated by nodes connected to the Internet. With the development of network attack technology, all Internet hosts have become targets of attack. When dealing with new attacks (such as smart ongoing threats) in a complex network environment, existing security strategies are powerless. Compared to existing security detection techniques, honeypot systems (IoT research) can analyze network packets or log files from an attack and automatically monitor potential attacks. Researchers can use this data to accurately capture the tactics, strategies, and techniques of threat actors and create defense strategies. However, for general security researchers, the immediate question is how to improve the honeypot mechanism so that attackers do not recognize it while it quietly captures their actions. Honeypot technology can be used not only as a passive information system, but also to combat zero-day and future attacks. In response to the rapid development of honeypot recognition with machine-learning technology, this paper proposes a new machine-learning model based on a linear regression algorithm with application-layer and network-layer characteristics. As a result of the experiment, we found that the proposed model was 97% more accurate than other machine learning algorithms.

Cite This Paper

Avijit Mondal, Radha Tamal Goswami, Soumita Sen, "A New Framework of Honeypots Network Security Using Linear Regression Decision Algorithm", International Journal of Wireless and Microwave Technologies (IJWMT), Vol.13, No.6, pp. 23-31, 2023. DOI:10.5815/ijwmt.2023.06.03
