A Fuzzy Approach for Detecting and Defending Against Spoofing Attacks on Low Interaction Honeypots

Nitin Naik, Paul Jenkins

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

20 Citations (Scopus)

Abstract

Honeypots are a well-recognised entrapment mechanism for baiting attackers in the field of network security. They gather real-time and valuable information from the attacker regarding their attack processes, which is not possible by other security means. Despite this invaluable contribution of the honeypot in moulding a cohesive security policy, the honeypot is normally designed with fewer resources, as security personnel do not consider it as part of the operational network. Consequently, such limited capability or low-interaction honeypots are vulnerable to common security attacks. A spoofing attack is one such attack that can be carried out on these low-interaction honeypots making them ineffectual. Unfortunately, these low-interaction honeypots have very limited or no capability to detect and defend against this type of attack due their inadequate ability to respond, versus a more complex honeypot with greater deceptive capabilities. Therefore, this paper proposes a resource-optimised fuzzy approach for detecting and defending against a spoofing attack on a low-interaction honeypot. Primarily, it proposes a detection mechanism for the spoofing attack based on the analysis of experimental data gathered from the honeypot and its internal network. Subsequently, the paper proposes a fuzzy approach for predicting and alerting, in a timely manner, the spoofing attack on low-interaction honeypots to prevent the attack. Finally, experimental simulation is utilised to demonstrate that any low-interaction honeypot can be made a spoofing attack-aware honeypot by employing the proposed fuzzy approach.

Original languageEnglish
Title of host publication2018 21st International Conference on Information Fusion, FUSION 2018
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages904-910
Number of pages7
ISBN (Print)9780996452762
DOIs
Publication statusPublished - 6 Sept 2018
Externally publishedYes
Event21st International Conference on Information Fusion, FUSION 2018 - Cambridge, United Kingdom
Duration: 10 Jul 201813 Jul 2018

Publication series

Name2018 21st International Conference on Information Fusion, FUSION 2018

Conference

Conference21st International Conference on Information Fusion, FUSION 2018
Country/TerritoryUnited Kingdom
CityCambridge
Period10/07/1813/07/18

Keywords

  • ARP Spoofing
  • Fuzzy Approach
  • IP Spoofing
  • KFSensor
  • Low Interaction Honeypot
  • Spoofing Attack

Cite this