Affiliation:
1. College of Cybersecurity, Sichuan University, Chengdu 610065, China
2. NSFOCUS, Beijing 100089, China
Abstract
Traditional security strategies are powerless when facing novel attacks in the complex network environment, such as advanced persistent threat (APT). Compared with traditional security detection strategies, the honeypot system, especially on the Internet of things research area, is intended to be attacked and automatically monitor potential attacks by analyzing network packages or log files. The researcher can extract exactly threat actor tactics, techniques, and procedures from these data and then generate more effective defense strategies. But for normal security researchers, it is an urgent topic how to improve the honeypot mechanism which could not be recognized by attackers, and silently capture their behaviors. So, they need awesome intelligent techniques to automatically check remotely whether the server runs honeypot service or not. As the rapid progress in honeypot detection using machine learning technologies, the paper proposed a new automatic identification model based on random forest algorithm with three group features: application-layer feature, network-layer feature, and other system-layer feature. The experiment datasets are collected from public known platforms and designed to prove the effectiveness of the proposed model. The experiment results showed that the presented model achieved a high area under curve (AUC) value with 0.93 (area under the receiver operating characteristic curve), which is better than other machine learning algorithms.
Funder
CCF-NSFOCUS KunPeng Research Fund
Subject
Computer Networks and Communications,Information Systems
Cited by
21 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献