D-FRI-Honeypot: A Secure Sting Operation for Hacking the Hackers Using Dynamic Fuzzy Rule Interpolation

Abstract

As active network defence systems, honeypots are commonly used as a decoy to inspect attackers and their attack tactics in order to improve the cybersecurity infrastructure of an organisation. A honeypot may be successful provided that it disguises its identity. However, cyberattackers continuously endeavour to discover honeypots for evading any deception and bolstering their attacks. An active fingerprinting attack is one such technique that may be used to discover honeypots by sending specially designed traffic. Preventing a fingerprinting attack is possible but doing that may hinder the process of dealing with the attackers, counteracting the purpose of a honeypot. Instead, detecting an attempted fingerprinting attack in real-time can enhance a honeypot’s capability, uninterruptedly managing any immediate consequences and preventing the honeypot from being identified. Nevertheless, it is difficult to detect and predict an attempted fingerprinting attack due to the challenge of isolating it from other similar attacks, particularly when imprecise observations are involved in the monitoring of the traffic. Dynamic fuzzy rule interpolation (D-FRI) enables an adaptive approach for effective reasoning with such situations by exploiting the best of both inference and interpolation. The dynamic rules produced by D-FRI facilitate approximate reasoning with perpetual changes that often occur in this type of application, where dynamic rules are required to cover new network conditions. This paper proposes a D-FRI-Honeypot, an enhanced honeypot running the D-FRI framework in conjunction with Principal Component Analysis, to detect and predict an attempted fingerprinting attack on honeypots. This D-FRI-Honeypot works with a sparse rule base but is able to detect active fingerprinting attacks when it does not find any matching rules. Also, it learns from current network conditions and offers a dynamically enriched rule base to support more precise detection. This D-FRI-Honeypot is tested against five popular fingerprinting tools (namely, Nmap, Xprobe2, NetScanTools Pro, SinFP3 and Nessus), to demonstrate its successful applications.

Publication DOI: https://doi.org/10.1109/TETCI.2020.3023447
Divisions: College of Engineering & Physical Sciences
Additional Information: © 2020 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Uncontrolled Keywords: D-FRI, D-FRI-Honeypot, Dynamic fuzzy rule interpolation, Honeypot, fingerprinting attack, principal components analysis, sparse rule base, Computer Science Applications, Control and Optimization, Computational Mathematics, Artificial Intelligence
Publication ISSN: 2471-285X
Last Modified: 09 Apr 2024 07:16
Date Deposited: 08 Oct 2020 13:31
Related URLs: https://ieeexpl ... cument/9212649/ (Publisher URL)
http://www.scop ... tnerID=8YFLogxK (Scopus URL)
PURE Output Type: Article
Published Date: 2021-12-01
Published Online Date: 2020-10-05
Accepted Date: 2020-09-07
Authors: Naik, Nitin (ORCID Profile 0000-0002-0659-9646)
Shang, Changjing
Jenkins, Paul
Shen, Qiang

Version: Accepted Version