Published February 26, 2021 | Version v1
Journal article Open

Development of a method for constructing linguistic standards for multi-criteria assessment of honeypot efficiency

  • 1. National Aviation University
  • 2. Ukrainian State Centre of Radio Frequencies
  • 3. Simon Kuznets Kharkiv National University of Economics
  • 4. Satbayev University; T.K. Zhurgenov Kazakh National Academy of Arts
  • 5. Central Research Institute of the Armed Forces of Ukraine
  • 6. Taras Shevchenko National University of Kyiv
  • 7. State University of Telecommunications
  • 8. Kharkiv National University of Radio Electronics
  • 9. Vinnytsia National Technical University

Description

One of the actively developing areas of information security is the use of honeypots (virtual decoys, online traps); selecting criteria for determining the most effective honeypots and classifying them further is an urgent task. The main products that implement virtual decoy technologies are presented. Such products are often used to study the behavior, approaches and methods that an unauthorized party uses to gain access to information system resources. Online traps can simulate any resource, but more often they look like real production servers and workstations. A number of fairly effective developments based on the apparatus of fuzzy sets are known for detecting attacks on information system resources. They demonstrated the effectiveness of this mathematical apparatus, which can be used, for example, to formalize the formation of a set of reference values that will improve the process of determining the most effective honeypots. For this purpose, a set of characteristics that determine the properties of online traps has been formed: installation and configuration process, usage and support process, data collection, logging level, simulation level, and interaction level. These characteristics became the basis for developing a method for forming standards of linguistic variables for the further selection of the most effective honeypots. The method is based on the formation of a set of honeypots, subsets of characteristics and identifier values of linguistic estimates of the honeypot characteristics, and a base and a derived frequency matrix, as well as on the construction of fuzzy terms and reference fuzzy numbers with their visualization. This will allow the most effective virtual decoys to be classified and selected in the future.
