TY - GEN
T1 - Discovering hackers by stealth
T2 - 4th IEEE International Symposium on Systems Engineering, ISSE 2018
AU - Naik, Nitin
AU - Jenkins, Paul
N1 - Publisher Copyright:
© 2018 IEEE.
PY - 2018/10/3
Y1 - 2018/10/3
N2 - Cybersecurity is becoming increasingly challenging due to escalating security attacks on networks. A honeypot system is an effective entrapment mechanism for collecting information about these attacks and attackers. Nonetheless, one of the biggest risks to the honeypot system is the possibility of being fingerprinted by an attacker. As a consequence of the fingerprinting, the identity of the honeypot system could be revealed or it could be transformed into a bot to attack others. Several efficacious methods are proposed to fingerprint the honeypot system or to prevent it. However, there is no method that can identify and predict fingerprinting in real-time, to save the honeypot system. Therefore, this paper proposes a technique to identify and predict fingerprinting attacks on the honeypot system in real-time. This technique is based on the fingerprinting process which necessitates a series of events by the attacker and by analysing these events contemporaneously, it is feasible to identify and predict the fingerprinting attack on the honeypot system. For the development of this technique, a popular honeypot tool KFSensor and fingerprinting tools Nmap and Xprobe2 are utilised to collect fingerprint data relating to the honeypot system. This data is analysed to detect the various attack techniques used by popular fingerprinting tools to propose a solution.
AB - Cybersecurity is becoming increasingly challenging due to escalating security attacks on networks. A honeypot system is an effective entrapment mechanism for collecting information about these attacks and attackers. Nonetheless, one of the biggest risks to the honeypot system is the possibility of being fingerprinted by an attacker. As a consequence of the fingerprinting, the identity of the honeypot system could be revealed or it could be transformed into a bot to attack others. Several efficacious methods are proposed to fingerprint the honeypot system or to prevent it. However, there is no method that can identify and predict fingerprinting in real-time, to save the honeypot system. Therefore, this paper proposes a technique to identify and predict fingerprinting attacks on the honeypot system in real-time. This technique is based on the fingerprinting process which necessitates a series of events by the attacker and by analysing these events contemporaneously, it is feasible to identify and predict the fingerprinting attack on the honeypot system. For the development of this technique, a popular honeypot tool KFSensor and fingerprinting tools Nmap and Xprobe2 are utilised to collect fingerprint data relating to the honeypot system. This data is analysed to detect the various attack techniques used by popular fingerprinting tools to propose a solution.
KW - Cybersecurity
KW - Fingerprinting Attack
KW - Honeypot System
KW - KFSensor
KW - Nmap
KW - OS Fingerprinting
KW - TCP/IP Stack Fingerprinting
KW - Xprobe2
UR - http://www.scopus.com/inward/record.url?scp=85059987251&partnerID=8YFLogxK
U2 - 10.1109/SysEng.2018.8544408
DO - 10.1109/SysEng.2018.8544408
M3 - Conference contribution
AN - SCOPUS:85059987251
T3 - 4th IEEE International Symposium on Systems Engineering, ISSE 2018 - Proceedings
BT - 4th IEEE International Symposium on Systems Engineering, ISSE 2018 - Proceedings
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 1 October 2018 through 3 October 2018
ER -