The main challenge in network security is keeping up with the new threat types that arise every day. Traditional security mechanisms such as firewalls and Intrusion Detection Systems (IDS) do not detect new attacks or help in learning new attackers’ techniques. This paper presents a hybrid honeypot scheme that combines low and high interaction honeypots to mitigate the shortcomings of both types. The low interaction honeypots are used to emulate operating systems and services, and for any outbound connection, they act as a proxy that forwards the packets to real systems in the high interaction honeypot. The scheme is tested by applying a Distributed Denial of Service (DDoS) attack against the system, and a significant enhancement to the system security is achieved. The results show that the performance of the IDS is improved compared with a traditional IDS. Furthermore, the false positive rate is reduced, and the true positive rate is enhanced.
Published in: American Journal of Electrical and Computer Engineering (Volume 1, Issue 1)
DOI: 10.11648/j.ajece.20170101.15
Page(s): 33-39
Creative Commons: This is an Open Access article, distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution and reproduction in any medium or format, provided the original work is properly cited.
Copyright: Copyright © The Author(s), 2017. Published by Science Publishing Group
Keywords: Intrusion Detection System, Hybrid Honeypot, Distributed Denial of Service Attack
APA Style
Hazem Sallowm, Mohammed Assora, Mohammed Alchaita, Mohamad Aljnidi. (2017). A Hybrid Honeypot Scheme for Distributed Denial of Service Attack. American Journal of Electrical and Computer Engineering, 1(1), 33-39. https://doi.org/10.11648/j.ajece.20170101.15
ACS Style
Hazem Sallowm; Mohammed Assora; Mohammed Alchaita; Mohamad Aljnidi. A Hybrid Honeypot Scheme for Distributed Denial of Service Attack. Am. J. Electr. Comput. Eng. 2017, 1(1), 33-39. doi: 10.11648/j.ajece.20170101.15
BibTeX
@article{10.11648/j.ajece.20170101.15,
  author = {Hazem Sallowm and Mohammed Assora and Mohammed Alchaita and Mohamad Aljnidi},
  title = {A Hybrid Honeypot Scheme for Distributed Denial of Service Attack},
  journal = {American Journal of Electrical and Computer Engineering},
  volume = {1},
  number = {1},
  pages = {33-39},
  doi = {10.11648/j.ajece.20170101.15},
  url = {https://doi.org/10.11648/j.ajece.20170101.15},
  eprint = {https://article.sciencepublishinggroup.com/pdf/10.11648.j.ajece.20170101.15},
  year = {2017}
}
RIS
TY  - JOUR
T1  - A Hybrid Honeypot Scheme for Distributed Denial of Service Attack
AU  - Hazem Sallowm
AU  - Mohammed Assora
AU  - Mohammed Alchaita
AU  - Mohamad Aljnidi
Y1  - 2017/05/24
PY  - 2017
N1  - https://doi.org/10.11648/j.ajece.20170101.15
DO  - 10.11648/j.ajece.20170101.15
T2  - American Journal of Electrical and Computer Engineering
JF  - American Journal of Electrical and Computer Engineering
JO  - American Journal of Electrical and Computer Engineering
SP  - 33
EP  - 39
PB  - Science Publishing Group
SN  - 2640-0502
UR  - https://doi.org/10.11648/j.ajece.20170101.15
VL  - 1
IS  - 1
ER  -