Abstract (English)
Traditionally, enterprises have adopted passive defenses such as firewalls, intrusion detection systems and anti-virus software. These defenses usually rely on established rules to defend against known attack patterns. Faced with a new type of attack that has never appeared before, they are completely useless.
A honeypot is an active defense that has emerged in recent years. By emulating a network service or a vulnerable environment, it lures attackers into intruding and thereby collects information about how they compromise machines. With this information, an enterprise can understand the attack methods being used and strengthen the weaker parts of its existing protection.
However, existing honeypots have some limitations: an attacker may detect the presence of a honeypot, the information a honeypot collects may not be close enough to the real situation, and deploying a non-productive honeypot requires additional resources.
This paper integrates an intrusion detection system, a honeypot and a virtual machine migration mechanism to transform a productive system into a honeypot, thereby overcoming the existing limitations of honeypots.