Discovering hackers by stealth: predicting fingerprinting attacks on honeypot systems

Nitin Naik; Paul Jenkins

doi:10.1109/SysEng.2018.8544408

Discovering hackers by stealth: predicting fingerprinting attacks on honeypot systems

Nitin Naik, Paul Jenkins

College of Engineering and Physical Sciences

Research output: Chapter in Book/Published conference output › Conference publication

Abstract

Cybersecurity is becoming increasingly challenging due to escalating security attacks on networks. A honeypot system is an effective entrapment mechanism for collecting information about these attacks and attackers. Nonetheless, one of the biggest risks to the honeypot system is the possibility of being fingerprinted by an attacker. As a consequence of the fingerprinting, the identity of the honeypot system could be revealed or it could be transformed into a bot to attack others. Several efficacious methods are proposed to fingerprint the honeypot system or to prevent it. However, there is no method that can identify and predict fingerprinting in real-time, to save the honeypot system. Therefore, this paper proposes a technique to identify and predict fingerprinting attacks on the honeypot system in real-time. This technique is based on the fingerprinting process which necessitates a series of events by the attacker and by analysing these events contemporaneously, it is feasible to identify and predict the fingerprinting attack on the honeypot system. For the development of this technique, a popular honeypot tool KFSensor and fingerprinting tools Nmap and Xprobe2 are utilised to collect fingerprint data relating to the honeypot system. This data is analysed to detect the various attack techniques used by popular fingerprinting tools to propose a solution.

Original language	English
Title of host publication	4th IEEE International Symposium on Systems Engineering, ISSE 2018 - Proceedings
Publisher	IEEE
ISBN (Electronic)	9781538644461
DOIs	https://doi.org/10.1109/SysEng.2018.8544408
Publication status	Published - 26 Nov 2018
Event	4th IEEE International Symposium on Systems Engineering, ISSE 2018 - Roma, Italy Duration: 1 Oct 2018 → 3 Oct 2018

Publication series

Name	4th IEEE International Symposium on Systems Engineering, ISSE 2018 - Proceedings

Conference

Conference	4th IEEE International Symposium on Systems Engineering, ISSE 2018
Country/Territory	Italy
City	Roma
Period	1/10/18 → 3/10/18

Keywords

Cybersecurity
Fingerprinting Attack
Honeypot System
KFSensor
Nmap
OS Fingerprinting
TCP/IP Stack Fingerprinting
Xprobe2

Access to Document

10.1109/SysEng.2018.8544408

Cite this

@inproceedings{520d44121c5345cd9521f0613245b853,

title = "Discovering hackers by stealth: predicting fingerprinting attacks on honeypot systems",

abstract = "Cybersecurity is becoming increasingly challenging due to escalating security attacks on networks. A honeypot system is an effective entrapment mechanism for collecting information about these attacks and attackers. Nonetheless, one of the biggest risks to the honeypot system is the possibility of being fingerprinted by an attacker. As a consequence of the fingerprinting, the identity of the honeypot system could be revealed or it could be transformed into a bot to attack others. Several efficacious methods are proposed to fingerprint the honeypot system or to prevent it. However, there is no method that can identify and predict fingerprinting in real-time, to save the honeypot system. Therefore, this paper proposes a technique to identify and predict fingerprinting attacks on the honeypot system in real-time. This technique is based on the fingerprinting process which necessitates a series of events by the attacker and by analysing these events contemporaneously, it is feasible to identify and predict the fingerprinting attack on the honeypot system. For the development of this technique, a popular honeypot tool KFSensor and fingerprinting tools Nmap and Xprobe2 are utilised to collect fingerprint data relating to the honeypot system. This data is analysed to detect the various attack techniques used by popular fingerprinting tools to propose a solution.",

keywords = "Cybersecurity, Fingerprinting Attack, Honeypot System, KFSensor, Nmap, OS Fingerprinting, TCP/IP Stack Fingerprinting, Xprobe2",

author = "Nitin Naik and Paul Jenkins",

year = "2018",

month = nov,

day = "26",

doi = "10.1109/SysEng.2018.8544408",

language = "English",

series = "4th IEEE International Symposium on Systems Engineering, ISSE 2018 - Proceedings",

publisher = "IEEE",

booktitle = "4th IEEE International Symposium on Systems Engineering, ISSE 2018 - Proceedings",

address = "United States",

note = "4th IEEE International Symposium on Systems Engineering, ISSE 2018 ; Conference date: 01-10-2018 Through 03-10-2018",

}

Naik, N & Jenkins, P 2018, Discovering hackers by stealth: predicting fingerprinting attacks on honeypot systems. in 4th IEEE International Symposium on Systems Engineering, ISSE 2018 - Proceedings., 8544408, 4th IEEE International Symposium on Systems Engineering, ISSE 2018 - Proceedings, IEEE, 4th IEEE International Symposium on Systems Engineering, ISSE 2018, Roma, Italy, 1/10/18. https://doi.org/10.1109/SysEng.2018.8544408

Discovering hackers by stealth: predicting fingerprinting attacks on honeypot systems. / Naik, Nitin; Jenkins, Paul.
4th IEEE International Symposium on Systems Engineering, ISSE 2018 - Proceedings. IEEE, 2018. 8544408 (4th IEEE International Symposium on Systems Engineering, ISSE 2018 - Proceedings).

Research output: Chapter in Book/Published conference output › Conference publication

TY - GEN

T1 - Discovering hackers by stealth

T2 - 4th IEEE International Symposium on Systems Engineering, ISSE 2018

AU - Naik, Nitin

AU - Jenkins, Paul

PY - 2018/11/26

Y1 - 2018/11/26

N2 - Cybersecurity is becoming increasingly challenging due to escalating security attacks on networks. A honeypot system is an effective entrapment mechanism for collecting information about these attacks and attackers. Nonetheless, one of the biggest risks to the honeypot system is the possibility of being fingerprinted by an attacker. As a consequence of the fingerprinting, the identity of the honeypot system could be revealed or it could be transformed into a bot to attack others. Several efficacious methods are proposed to fingerprint the honeypot system or to prevent it. However, there is no method that can identify and predict fingerprinting in real-time, to save the honeypot system. Therefore, this paper proposes a technique to identify and predict fingerprinting attacks on the honeypot system in real-time. This technique is based on the fingerprinting process which necessitates a series of events by the attacker and by analysing these events contemporaneously, it is feasible to identify and predict the fingerprinting attack on the honeypot system. For the development of this technique, a popular honeypot tool KFSensor and fingerprinting tools Nmap and Xprobe2 are utilised to collect fingerprint data relating to the honeypot system. This data is analysed to detect the various attack techniques used by popular fingerprinting tools to propose a solution.

AB - Cybersecurity is becoming increasingly challenging due to escalating security attacks on networks. A honeypot system is an effective entrapment mechanism for collecting information about these attacks and attackers. Nonetheless, one of the biggest risks to the honeypot system is the possibility of being fingerprinted by an attacker. As a consequence of the fingerprinting, the identity of the honeypot system could be revealed or it could be transformed into a bot to attack others. Several efficacious methods are proposed to fingerprint the honeypot system or to prevent it. However, there is no method that can identify and predict fingerprinting in real-time, to save the honeypot system. Therefore, this paper proposes a technique to identify and predict fingerprinting attacks on the honeypot system in real-time. This technique is based on the fingerprinting process which necessitates a series of events by the attacker and by analysing these events contemporaneously, it is feasible to identify and predict the fingerprinting attack on the honeypot system. For the development of this technique, a popular honeypot tool KFSensor and fingerprinting tools Nmap and Xprobe2 are utilised to collect fingerprint data relating to the honeypot system. This data is analysed to detect the various attack techniques used by popular fingerprinting tools to propose a solution.

KW - Cybersecurity

KW - Fingerprinting Attack

KW - Honeypot System

KW - KFSensor

KW - Nmap

KW - OS Fingerprinting

KW - TCP/IP Stack Fingerprinting

KW - Xprobe2

UR - http://www.scopus.com/inward/record.url?scp=85059987251&partnerID=8YFLogxK

U2 - 10.1109/SysEng.2018.8544408

DO - 10.1109/SysEng.2018.8544408

M3 - Conference publication

AN - SCOPUS:85059987251

T3 - 4th IEEE International Symposium on Systems Engineering, ISSE 2018 - Proceedings

BT - 4th IEEE International Symposium on Systems Engineering, ISSE 2018 - Proceedings

PB - IEEE

Y2 - 1 October 2018 through 3 October 2018

ER -

Discovering hackers by stealth: predicting fingerprinting attacks on honeypot systems

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this