Document Type: Original Research Paper

Authors

Department of Computer Engineering, Dezful Branch, Islamic Azad University, Dezful, Iran

DOI: 10.22061/jecei.2020.5621.241

Abstract

Increasing use of the Internet and computer networks by individuals and organizations, together with attackers’ use of new methods and tools to endanger network security, has led to the emergence of a wide range of threats to networks. A honeypot is one of the basic techniques employed to improve network security. It is designed to be attacked so as to collect the attackers’ information and trap them. In this paper, we used a vulnerability scanner to obtain the required network vulnerabilities and normalized them via the proposed method. Then, a dynamic hybrid honeypot is proposed that uses high- and low-interaction honeypots. In the proposed method, footprinting and scanning of an integrated network also generate a detailed picture of the production network and a honeypot configuration file. As a result, more devices could be detected via automated production by the proposed method. This method could accelerate honeypot production and reduce users’ mistakes during manual production. Monitoring network traffic, collecting information about network machines, determining network operating systems, and storing data in a database are the specific features of this system, which could be performed by using the selected network scanning tools and modules.
