Automatic Identification of Honeypot Server Using Machine Learning Techniques

Author:

Huang Cheng1ORCID,Han Jiaxuan1,Zhang Xing2,Liu Jiayong1ORCID

Affiliation:

1. College of Cybersecurity, Sichuan University, Chengdu 610065, China

2. NSFOCUS, Beijing 100089, China

Abstract

Traditional security strategies are powerless when facing novel attacks in the complex network environment, such as advanced persistent threat (APT). Compared with traditional security detection strategies, the honeypot system, especially on the Internet of things research area, is intended to be attacked and automatically monitor potential attacks by analyzing network packages or log files. The researcher can extract exactly threat actor tactics, techniques, and procedures from these data and then generate more effective defense strategies. But for normal security researchers, it is an urgent topic how to improve the honeypot mechanism which could not be recognized by attackers, and silently capture their behaviors. So, they need awesome intelligent techniques to automatically check remotely whether the server runs honeypot service or not. As the rapid progress in honeypot detection using machine learning technologies, the paper proposed a new automatic identification model based on random forest algorithm with three group features: application-layer feature, network-layer feature, and other system-layer feature. The experiment datasets are collected from public known platforms and designed to prove the effectiveness of the proposed model. The experiment results showed that the presented model achieved a high area under curve (AUC) value with 0.93 (area under the receiver operating characteristic curve), which is better than other machine learning algorithms.

Funder

CCF-NSFOCUS KunPeng Research Fund

Publisher

Hindawi Limited

Subject

Computer Networks and Communications,Information Systems

Cited by 21 articles. 订阅此论文施引文献 订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献

1. The relevance, effectiveness, and future prospects of cyber deception implementation within organizations;Assurance and Security for AI-enabled Systems;2024-06-07

2. A survey of contemporary open-source honeypots, frameworks, and tools;Journal of Network and Computer Applications;2023-11

3. Research on the Application of Deception Defense Technology in Smart Grid;2023 3rd International Conference on Intelligent Power and Systems (ICIPS);2023-10-20

4. Gotta Catch ’em All: A Multistage Framework for Honeypot Fingerprinting;Digital Threats: Research and Practice;2023-09-30

5. Threat intelligence using Digital Twin honeypots in Cybersecurity;2023 IEEE International Conference on Cyber Security and Resilience (CSR);2023-07-31

同舟云学术

1.学者识别学者识别

2.学术分析学术分析

3.人才评估人才评估

"同舟云学术"是以全球学者为主线,采集、加工和组织学术论文而形成的新型学术文献查询和分析系统,可以对全球学者进行文献检索和人才价值评估。用户可以通过关注某些学科领域的顶尖人物而持续追踪该领域的学科进展和研究前沿。经过近期的数据扩容,当前同舟云学术共收录了国内外主流学术期刊6万余种,收集的期刊论文及会议论文总量共计约1.5亿篇,并以每天添加12000余篇中外论文的速度递增。我们也可以为用户提供个性化、定制化的学者数据。欢迎来电咨询!咨询电话:010-8811{复制后删除}0370

www.globalauthorid.com

TOP

Copyright © 2019-2024 北京同舟云网络信息技术有限公司
京公网安备11010802033243号  京ICP备18003416号-3