Threat-Aware Honeypot for Discovering and Predicting Fingerprinting Attacks Using Principal Components Analysis

Nitin Naik, Paul Jenkins, Nick Savage

Research output: Chapter in Book/Report/Conference proceeding › Conference publication

Abstract

The proliferation of cyberattacks, their increase in complexity and therefore their resolution, has resulted in significant concern within the cybersecurity industry. A honeypot is a popular concealed tool used to entice attackers to disclose information about themselves. It is an effective tool provided that its identity is not revealed; however, a successful fingerprinting attack can reveal the honeypot's identity, leading to possibly devastating consequences and making it imperative to detect such fingerprinting at the earliest opportunity. Several effective methods are available to prevent a fingerprinting attack; therefore, a real-time prediction method is highly desirable. Unfortunately, no technique is available to discover and predict a fingerprinting attack in real-time, as it is difficult to isolate that attack from other attacks. Therefore, this paper proposes a technique to discover and predict fingerprinting attacks on the honeypot in real-time by using Principal Components Analysis (PCA). As every fingerprinting attack requires a sequence of actions to collect sufficient information to generate a fingerprint, the proposed technique takes advantage of this requirement to gather its symptoms. It analyses several abnormalities in attributes of TCP, UDP and ICMP packets collected during the simulation of fingerprinting attacks and evaluates them based on popular attack techniques and empirical evidence. After selecting several targeted attributes based on the previous analysis, it performs a PCA to establish the most influential attributes by which a fingerprinting attack can be discovered and predicted accurately. Finally, it proposes a general model to predict the severity level of the fingerprinting attack on the honeypot.

Original language: English
Title of host publication: Proceedings of the 2018 IEEE Symposium Series on Computational Intelligence, SSCI 2018
Editors: Suresh Sundaram
Publisher: IEEE
Pages: 623-630
Number of pages: 8
ISBN (Electronic): 9781538692769
Publication status: Published - 28 Jan 2019
Event: 8th IEEE Symposium Series on Computational Intelligence, SSCI 2018 - Bangalore, India
Duration: 18 Nov 2018 - 21 Nov 2018

Publication series

Name: Proceedings of the 2018 IEEE Symposium Series on Computational Intelligence, SSCI 2018

Conference

Conference: 8th IEEE Symposium Series on Computational Intelligence, SSCI 2018
Country: India
City: Bangalore
Period: 18/11/18 - 21/11/18

Keywords

  • Cybersecurity
  • Fingerprinting Attack
  • Honeypot
  • Nmap
  • OS Fingerprinting Attack
  • PCA
  • Principal Components Analysis
  • Xprobe2
