TY - GEN
T1 - A Fuzzy Approach for Detecting and Defending Against Spoofing Attacks on Low Interaction Honeypots
AU - Naik, Nitin
AU - Jenkins, Paul
N1 - Publisher Copyright:
© 2018 ISIF
PY - 2018/9/6
Y1 - 2018/9/6
N2 - Honeypots are a well-recognised entrapment mechanism for baiting attackers in the field of network security. They gather real-time and valuable information from the attacker regarding their attack processes, which is not possible by other security means. Despite this invaluable contribution of the honeypot in moulding a cohesive security policy, the honeypot is normally designed with fewer resources, as security personnel do not consider it as part of the operational network. Consequently, such limited capability or low-interaction honeypots are vulnerable to common security attacks. A spoofing attack is one such attack that can be carried out on these low-interaction honeypots making them ineffectual. Unfortunately, these low-interaction honeypots have very limited or no capability to detect and defend against this type of attack due their inadequate ability to respond, versus a more complex honeypot with greater deceptive capabilities. Therefore, this paper proposes a resource-optimised fuzzy approach for detecting and defending against a spoofing attack on a low-interaction honeypot. Primarily, it proposes a detection mechanism for the spoofing attack based on the analysis of experimental data gathered from the honeypot and its internal network. Subsequently, the paper proposes a fuzzy approach for predicting and alerting, in a timely manner, the spoofing attack on low-interaction honeypots to prevent the attack. Finally, experimental simulation is utilised to demonstrate that any low-interaction honeypot can be made a spoofing attack-aware honeypot by employing the proposed fuzzy approach.
AB - Honeypots are a well-recognised entrapment mechanism for baiting attackers in the field of network security. They gather real-time and valuable information from the attacker regarding their attack processes, which is not possible by other security means. Despite this invaluable contribution of the honeypot in moulding a cohesive security policy, the honeypot is normally designed with fewer resources, as security personnel do not consider it as part of the operational network. Consequently, such limited capability or low-interaction honeypots are vulnerable to common security attacks. A spoofing attack is one such attack that can be carried out on these low-interaction honeypots making them ineffectual. Unfortunately, these low-interaction honeypots have very limited or no capability to detect and defend against this type of attack due their inadequate ability to respond, versus a more complex honeypot with greater deceptive capabilities. Therefore, this paper proposes a resource-optimised fuzzy approach for detecting and defending against a spoofing attack on a low-interaction honeypot. Primarily, it proposes a detection mechanism for the spoofing attack based on the analysis of experimental data gathered from the honeypot and its internal network. Subsequently, the paper proposes a fuzzy approach for predicting and alerting, in a timely manner, the spoofing attack on low-interaction honeypots to prevent the attack. Finally, experimental simulation is utilised to demonstrate that any low-interaction honeypot can be made a spoofing attack-aware honeypot by employing the proposed fuzzy approach.
KW - ARP Spoofing
KW - Fuzzy Approach
KW - IP Spoofing
KW - KFSensor
KW - Low Interaction Honeypot
KW - Spoofing Attack
UR - http://www.scopus.com/inward/record.url?scp=85054082222&partnerID=8YFLogxK
U2 - 10.23919/ICIF.2018.8455555
DO - 10.23919/ICIF.2018.8455555
M3 - Conference contribution
AN - SCOPUS:85054082222
SN - 9780996452762
T3 - 2018 21st International Conference on Information Fusion, FUSION 2018
SP - 904
EP - 910
BT - 2018 21st International Conference on Information Fusion, FUSION 2018
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 21st International Conference on Information Fusion, FUSION 2018
Y2 - 10 July 2018 through 13 July 2018
ER -