TY - GEN
T1 - Threat-Aware Honeypot for Discovering and Predicting Fingerprinting Attacks Using Principal Components Analysis
AU - Naik, Nitin
AU - Jenkins, Paul
AU - Savage, Nick
PY - 2019/1/28
Y1 - 2019/1/28
N2 - The proliferation of cyberattacks, their increase in complexity and therefore their resolution, has resulted in significant concern within the cybersecurity industry. A honeypot is a popular concealed tool used to entice attackers to disclose information about themselves. It is an effective tool provided that its identity is not revealed; however, a successful fingerprinting attack can reveal the honeypot's identity, leading to possible devastating consequences, resulting in the imperative to detect such fingerprinting at the earliest opportunity. Several effective methods are available to prevent a fingerprinting attack; therefore, a real-time prediction method is highly desirable. Unfortunately, no technique is available to discover and predict a fingerprinting attack in real-time as it is difficult to isolate that attack from other attacks. Therefore, this paper proposes a technique to discover and predict fingerprinting attacks on the honeypot in real-time by using a Principal Components Analysis (PCA). As every fingerprinting attack requires a sequence of actions to collect sufficient information to generate a fingerprint, this proposed technique takes advantage of this requirement to gather its symptoms. It analyses several abnormalities in attributes of TCP, UDP and ICMP packets collected during the simulation of fingerprinting attacks, evaluating them based on popular attack techniques and empirical evidence. After selecting several targeted attributes based on the previous analysis, it performs a PCA to establish the most influential attributes by which a fingerprinting attack can be discovered and predicted accurately. Finally, it proposes a general model to predict the severity level of the fingerprinting attack on the honeypot.
KW - Cybersecurity
KW - Fingerprinting Attack
KW - Honeypot
KW - Nmap
KW - OS Fingerprinting Attack
KW - PCA
KW - Principal Components Analysis
KW - Xprobe2
UR - http://www.scopus.com/inward/record.url?scp=85059989173&partnerID=8YFLogxK
UR - https://ieeexplore.ieee.org/document/8628658
U2 - 10.1109/SSCI.2018.8628658
DO - 10.1109/SSCI.2018.8628658
M3 - Conference publication
AN - SCOPUS:85059989173
T3 - Proceedings of the 2018 IEEE Symposium Series on Computational Intelligence, SSCI 2018
SP - 623
EP - 630
BT - Proceedings of the 2018 IEEE Symposium Series on Computational Intelligence, SSCI 2018
A2 - Sundaram, Suresh
PB - IEEE
T2 - 8th IEEE Symposium Series on Computational Intelligence, SSCI 2018
Y2 - 18 November 2018 through 21 November 2018
ER -