10-fold cross validation method for the model.

Source publication
Article
Traditional security strategies are powerless when facing novel attacks in complex network environments, such as advanced persistent threats (APTs). Compared with traditional detection strategies, the honeypot system, especially in the Internet of Things research area, is intended to be attacked and to automatically monitor potential attacks...
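The figure caption above refers to the 10-fold cross-validation used to evaluate the honeypot-identification model, and the papers citing this work quote its result as an AUC of 0.93. The following block is an added example, not code from the source paper or its authors, showing what such an evaluation looks like end to end in plain Python: stratified k-fold splitting, a bagged decision-stump stand-in for a random forest, and a rank-based AUC. The three features (banner_mismatch, rtt_ms, open_ports), the dataset and every number in it are constructed assumptions; the paper's actual features and data are not listed on this page.

```python
"""Stratified 10-fold CV with AUC for a honeypot-vs-real-host classifier.
Added example, not code from the source paper; the bagged-stump forest, the
three assumed features (banner_mismatch, rtt_ms, open_ports) and the
constructed dataset are illustrations, not the paper's features or results."""
import random

def make_dataset(n=120, seed=1):
    """Constructed hosts, label 1 = honeypot, 0 = real (assumed distributions)."""
    rng = random.Random(seed)
    rows = []
    for i in range(n):
        if i % 2:  # honeypot: inconsistent banner, fast answers, many open ports
            x = [float(rng.random() < 0.8), rng.gauss(2.0, 0.8), float(rng.randint(15, 40))]
        else:      # real host: consistent banner, slower service, few open ports
            x = [float(rng.random() < 0.1), rng.gauss(12.0, 4.0), float(rng.randint(1, 8))]
        rows.append((x, i % 2))
    return rows

def stratified_kfold(labels, k=10, seed=0):
    """Yield (train_idx, test_idx) per fold; each fold keeps the class ratio."""
    rng = random.Random(seed)
    by_class = {}
    for i, y in enumerate(labels):
        by_class.setdefault(y, []).append(i)
    folds = [[] for _ in range(k)]
    for idxs in by_class.values():
        rng.shuffle(idxs)
        for j, i in enumerate(idxs):  # deal each class round-robin over the folds
            folds[j % k].append(i)
    for f in range(k):
        yield sorted(i for g in range(k) if g != f for i in folds[g]), sorted(folds[f])

def gini(labels):
    p = sum(labels) / len(labels) if labels else 0.0
    return 2.0 * p * (1.0 - p)

def majority(labels):
    return 1 if labels and 2 * sum(labels) >= len(labels) else 0

def candidate_thresholds(values, max_cuts=32):
    """Midpoints between adjacent unique values, thinned to evenly spaced quantiles."""
    vals = sorted(set(values))
    if len(vals) <= max_cuts + 1:
        return [(a + b) / 2.0 for a, b in zip(vals, vals[1:])]
    step = len(vals) / (max_cuts + 1)
    return [(vals[int(c * step) - 1] + vals[int(c * step)]) / 2.0 for c in range(1, max_cuts + 1)]

def best_stump(X, y, feat_ids):
    """(feature, threshold, left_label, right_label) with the lowest weighted Gini."""
    best = None
    for f in feat_ids:
        for thr in candidate_thresholds([x[f] for x in X]):
            left = [y[i] for i, x in enumerate(X) if x[f] <= thr]
            right = [y[i] for i, x in enumerate(X) if x[f] > thr]
            score = gini(left) * len(left) + gini(right) * len(right)
            if best is None or score < best[0]:
                best = (score, f, thr, majority(left), majority(right))
    return best[1:] if best else None

def fit_forest(X, y, n_trees=15, seed=0):
    """Bagging: every stump sees a bootstrap sample and a random feature subset."""
    rng = random.Random(seed)
    forest = []
    for _ in range(n_trees):
        boot = [rng.randrange(len(X)) for _ in range(len(X))]
        feats = rng.sample(range(len(X[0])), max(1, int(len(X[0]) ** 0.5)))
        stump = best_stump([X[i] for i in boot], [y[i] for i in boot], feats)
        if stump is not None:
            forest.append(stump)
    return forest

def predict_proba(forest, x):
    """Fraction of stumps voting 'honeypot'."""
    votes = [left if x[f] <= thr else right for f, thr, left, right in forest]
    return sum(votes) / len(votes)

def roc_auc(scores, labels):
    """Rank-based AUC: P(score(positive) > score(negative)); ties count one half."""
    pos = [s for s, l in zip(scores, labels) if l == 1]
    neg = [s for s, l in zip(scores, labels) if l == 0]
    if not pos or not neg:
        raise ValueError("AUC is undefined when a fold lacks one class")
    wins = sum(1.0 if p > n else 0.5 if p == n else 0.0 for p in pos for n in neg)
    return wins / (len(pos) * len(neg))

def cross_validate(rows, k=10, seed=0):
    """Per-fold AUC: fit on k-1 folds, score only the held-out fold."""
    X = [x for x, _ in rows]
    y = [l for _, l in rows]
    aucs = []
    for fold, (train, test) in enumerate(stratified_kfold(y, k, seed)):
        forest = fit_forest([X[i] for i in train], [y[i] for i in train], seed=seed + fold)
        aucs.append(roc_auc([predict_proba(forest, X[i]) for i in test], [y[i] for i in test]))
    return aucs

if __name__ == "__main__":
    aucs = cross_validate(make_dataset())
    print("per-fold AUC:", [round(a, 3) for a in aucs], "mean:", round(sum(aucs) / len(aucs), 3))
```

Two checks matter when reproducing this kind of result. The folds are stratified so that every held-out fold contains both honeypots and real hosts; AUC is undefined otherwise, and with small datasets an unstratified split will eventually produce such a fold. The split here is also by sample: if several feature vectors come from the same host (repeated probes, multiple ports), they must be kept in one fold, or the reported AUC is inflated by near-duplicates on both sides of the split.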

Similar publications

Article
Objective: Machine learning methods may have better or comparable predictive ability than traditional analysis. We explore machine learning methods to predict the likelihood of acute kidney injury after liver cancer resection. Methods: This is a secondary analysis cohort study. We reviewed data from patients who had undergone resection of primary he...
Conference Paper
A botnet is malicious activity that tries to disrupt the traffic of a service on a server or network and causes great harm to the network. In recent years, botnets have become one of the threats that are constantly evolving. An IDS (intrusion detection system) is one type of solution used to detect network anomalies and has played an increasing role in the computer...
Preprint
Malware applications typically use a command and control (C&C) server to manage bots to perform malicious activities. Domain Generation Algorithms (DGAs) are popular methods for generating pseudo-random domain names that can be used to establish a communication between an infected bot and the C&C server. In recent years, machine learning based syst...

Citations

... Among the main strategies is the execution of six points: "1. governance and national coordination, 2. cyber resilience, 3. prevention and fight against cybercrime, 4. national cyber defense, 5. cybersecurity skills and capabilities, 6. international cooperation" [12]. Complementing the above, there are several ways to protect information and ensure security in both servers and data infrastructures through the use of honeypots, which are useful tools to detect vulnerabilities and strengthen network security [13], [14]. In addition, honeypots have the ability to repel attacks against them and distract the attacker with a decoy network similar to the original; that way [15] the cyber-criminal is confused and believes that he is entering the real system and that he is gaining environments controlled by the owner, without imagining that he is inside a trap. ...
... Within security, a honeypot is a very important resource; it was designed to be attacked and to examine possible attacks. However, cybercriminals are always a step ahead in what has to do with security; they look for ways and strategies to boycott the security that is provided to the systems. According to [14], the author proposes to update honeypot techniques so that they are not recognized by hackers and silently capture their data to counter it. For this purpose, the researcher proposed to use intelligent techniques such as machine learning and thus automatically check whether the honeypot is being executed or not by the server; likewise, this proposal applies the random forest algorithm with three characteristics, from the network application layer and the system, where the data from known public systems were obtained and the model was used to measure its efficiency, resulting in a high value of 0.93, i.e. the algorithm is suitable for this purpose. ...
Article
Among the different tools and techniques to detect, monitor and analyze the behavior of cybercriminals in a controlled environment is the use of honeypots. This computer security technique consists of creating a trap or decoy that pretends to be a valuable target for cybercriminals, such as important data, applications or web servers, among others. Once the attacker enters this environment, the honeypot records all the activities and behaviors they perform, which in turn allows the detection of and proactive response to future attacks. Likewise, honeypots make it possible to reduce false positives and identify vulnerabilities of the systems. On the other hand, the implementation of these tools implies a potential risk, because they can be used by attackers to obtain information about the defenses of the institution or organization and, even more, if not installed correctly, leave the system and sensitive data exposed. In this sense, there are many high and low interaction honeypots, such as Honeyd, Dionaea, Capture-HPC, KFSensor, INetSim, Cowrie, Honeytrap, Amun, Glastopf, Conpot, among others. Finally, T-Pot is considered an all-in-one set of honeypots containing both high and low interaction honeypots, with a unique ability to customize and manage honeypots; that is, it is a powerful and effective tool in the fight against attackers and computer security threats. In addition, it allows the collection of behavioral data on cybercriminals to later determine patterns that allow improving web security.
... In recent times, there has been considerable interest in applying honeypots and machine learning for threat detection [7]. This technique has shown promise in detecting emerging threats that conventional signature-based detection systems may overlook. ...
... We grouped several types of honeypots with various operating systems in a honeynet to maximize the chances of trapping an attacker. Simultaneously, a scenario in which the attacker investigates the honeynet via network connections between the various host systems opens up more possibilities for monitoring the attack and exposing information about the intruder [6] [7]. The honeynet operator can also use it to practice attack techniques and digital forensics without jeopardizing production systems. It is a high-interaction honeypot that is designed to collect a wide range of threat data. ...
Conference Paper
The internet is becoming increasingly pervasive in the daily lives of individuals across the world, serving many purposes such as email communication, online exploration, and financial transactions. However, as technology advances, cyber criminals also become more sophisticated in their attacks, posing a growing risk to individuals and organizations alike. According to a report by Cybersecurity Ventures, cybercrime damages are expected to reach $10.5 trillion annually by 2025. To overcome these threats, ensuring security and privacy is crucial to safeguarding our data and networks against various types of anomalies and attacks. This paper aims to explore honeypots as a proactive measure against cyber threats. Honeypots mimic vulnerable systems to lure hackers into attempting to breach the system, enabling researchers to gather valuable data to enhance cyber defense mechanisms. This unique tool has emerged as an effective solution in information security, allowing for various applications such as detection, prevention, and data gathering. Furthermore, honeypots are non-intrusive and cost-effective, making them an attractive option for organizations seeking to enhance their security posture and protect sensitive data from cyber-attacks.
... We need to update/modify the DP mechanism to be able to prevent the recent DP attacks without introducing overhead in terms of computation and resources. 2) Dynamic Honeypots: FL heavily relies on the advantage of the decentralized private deep training to achieve models with real-data results [216]. Introducing honeypots at the client's end or at the centralized server with the dynamic variable selection of vulnerabilities to ensure a higher level of protected deception technology that will be capable of increasing the detection level with a higher level of interaction. ...
Article
Federated Learning (FL, or Collaborative Learning (CL)) has surely gained a reputation for not only building Machine Learning (ML) models that rely on distributed datasets, but also for starting to play a key role in security and privacy solutions to protect sensitive data and information from a variety of ML-related attacks. This made it an ideal choice for emerging networks such as Internet of Things (IoT) systems, especially with its state-of-the-art algorithms that focus on their practical use over IoT networks, despite the presence of resource-constrained devices. However, the heterogeneous nature of the current devices and models in complex IoT networks has seriously hindered the FL training process's ability to perform well. This renders it almost unsuitable for direct deployment over IoT networks despite ongoing efforts to tackle this issue and overcome this challenging obstacle. As a result, the main characteristics of FL in the IoT from both security and privacy aspects are presented in this study. We broaden our research to investigate and analyze cutting-edge FL algorithms, models, and protocols, with a focus on their efficacy and practical application across IoT networks and systems alike. This is followed by a comparative analysis of the recently available protection solutions for FL that can be based on cryptographic and non-cryptographic solutions over heterogeneous, dynamic IoT networks. Moreover, the proposed work provides a list of suggestions and recommendations that can be applied to enhance the effectiveness of the adoption of FL and to achieve higher robustness against attacks, especially in heterogeneous dynamic IoT networks and in the presence of resource-constrained devices.
... It delivers to a private chain, and it stores the port access data in it. [4] proposes a new automatic identification model based on a random forest algorithm. The experiment results achieved a high area under the curve (AUC) value of 0.93. ...
Conference Paper
With the tremendous growth of cyber-attacks, the loss of private or sensitive data has risen to a peak. Honeypots are currently one of the most discussed topics in the field of cyber security. HoneyTrack is a honeypot that uses technologies such as Docker, shell scripts, Python, Elasticsearch, Kibana, and Filebeat; it protects an organization's database and backtracks the hacker when they intrude into the target network. Information about the attacker will be gathered by the bot in the honeypot, which will help us reach the roots of the attacker. The target networks can vary, and a lot of damage is caused when sensitive data is lost or stolen. This honeypot resembles a traditional honeypot but is updated with new-generation technology and its cyber-security needs.
... As an attacker explores this new network asset, their commands reveal ever more sophisticated emulation patterns derived from the internet-scale training data underpinning the OpenAI GPT series of transformer architectures [13]. Historically, honeypot logs provide valuable insights into the tactics, techniques, and procedures (TTPs) used by attackers, as well as help security teams to identify patterns and trends in malicious activity [17][18][19][20]. Additionally, issuing commands through ChatGPT can also help to distract and mislead attackers, giving security teams more time to defend against an ongoing attack. ...
Preprint
Question-and-answer agents like ChatGPT offer a novel tool for use as a potential honeypot interface in cyber security. By imitating Linux, Mac, and Windows terminal commands and providing an interface for TeamViewer, nmap, and ping, it is possible to create a dynamic environment that can adapt to the actions of attackers and provide insight into their tactics, techniques, and procedures (TTPs). The paper illustrates ten diverse tasks that a conversational agent or large language model might answer appropriately in response to a command-line attacker. The original result features feasibility studies for ten model tasks meant for defensive teams to mimic expected honeypot interfaces with minimal risks. Ultimately, the usefulness outside of forensic activities stems from whether the dynamic honeypot can extend the time-to-conquer or otherwise delay attacker timelines short of reaching key network assets like databases or confidential information. While ongoing maintenance and monitoring may be required, ChatGPT's ability to detect and deflect malicious activity makes it a valuable option for organizations seeking to enhance their cyber security posture. Future work will focus on cybersecurity layers, including perimeter security, host virus detection, and data security.
... On the other side, the attacker can use some techniques to identify honeypots and Huang [8] introduced an artificial intelligence method to identify honeypots; however, our model is focused on the defender. Khouzani [9] described a cybersecurity optimization problem where the model was based on a minimax optimization problem and the same approach was considered by us, where the defender problem is to keep in mind the reaction of the attacker, but the model proposed is very close to the category known as "network interdiction problems". ...
... This method of protection can help even if the attacker is using some techniques such as machine learning algorithms in order to detect honeypots. Huang [8] developed a detection algorithm for honeypots but the costs for the attacker would still increase and this aspect should be addressed in future work in order to determine the strength of our model when faced with a machine learning algorithm. ...
Article
Cybersecurity plays an increasing role in today’s digital space, and its methods must keep pace with the changes. Both public and private sector researchers have put efforts into strengthening the security of networks by proposing new approaches. This paper presents a method to solve a game theory model by defining the contents of the game payoff matrix and incorporating honeypots in the defense strategy. Using a probabilistic approach we propose the course-of-action Stackelberg game (CoASG), where every path of the graph leads to an undesirable state based on security issues found in every host. The reality of the system is represented by a cost function which helps us to define a payoff matrix and find the best possible combination of the strategies once the game is run. The results show the benefits of using this model in the early prevention stages for detecting cyberattack patterns.
... One of the most common AI detection solutions used in the literature is AI techniques. Many AI techniques involving machine learning (ML) and deep learning (DL) that have been proposed by various researchers are either network-centric [1,3,6,7,79,[82][83][84][90][91][92][93]103,107,[111][112][113]116,118,121,125,130,131,[133][134][135][136][137][139][140][141][142][143][144][145][146][147][148][149][150][151][152], device behavior-centric [105,109,138], application-centric [5,86,110,124], or network and device-centric [89,117]. However, current network-based detection systems are ineffective against APTs because APTs employ sophisticated techniques such as encrypting the payload or using a secure communication such as SSL (e.g., Cloud Atlas APT). ...
... This study identified 23 primary studies, of which two focused on mobile [153,154], six focused on IoT devices [107,[155][156][157][158]181], two focused on cyber-physical systems [168,169], four focused on either fog computing [111,160], the 5G edge-cloud ecosystem [167], or connected and autonomous vehicle (CAV) [159], and eight in general [61,93,[161][162][163][164][165][166]. Furthermore, four primary studies focused on APT [93,107,111,160], while the others are focused on either specific attacks such as DDOS attacks [181], DOS [167], SQL injections attacks [181], or privilege-induced attacks [154], or non-specific attacks [60,61,140,[155][156][157][158][159][161][162][163][164][165][166][167][168][169], as shown in Table 6. ...
... Most of the APT defense solutions [1,[3][4][5][6][7]28,76,[86][87][88]94,97,98,[100][101][102][103]106,108,111,115,117,121,124,127,[133][134][135][136][140][141][142][143]145,147,172,173,176,178] being investigated have loopholes and limitations. Based on the literature, the APT defense solutions have focused on identifying, protecting, detecting, and responding to APT attacks. ...
Article
During the last several years, the Internet of Things (IoT), fog computing, computer security, and cyber-attacks have all grown rapidly on a large scale. Examples of IoT include mobile devices such as tablets and smartphones. Attacks can take place that impact the confidentiality, integrity, and availability (CIA) of the information. One attack that occurs is the Advanced Persistent Threat (APT). Attackers can manipulate a device's behavior, applications, and services. Such manipulations lead to a significant deviation from a known behavioral baseline for smartphones. In this study, the authors present a Systematic Literature Review (SLR) to provide a survey of the existing literature on APT defense mechanisms, find research gaps, and recommend future directions. The scope of this SLR covers a detailed analysis of most cybersecurity defense mechanisms and cutting-edge solutions. In this research, 112 papers published from 2011 until 2022 were analyzed. This review has explored different approaches used in cybersecurity and their effectiveness in defending against APT attacks. In conclusion, we recommend a Situational Awareness (SA) model known as Observe–Orient–Decide–Act (OODA) to provide a comprehensive solution to monitor the device's behavior for APT mitigation.
... Aguirre-Anaya et al. (2014) also explain several ways that low interaction honeypots could be identified. Huang et al. (2019) also suggest that mid interaction honeypots could be identified by hackers. However, identifying a high interaction honeypot is difficult since all of the functions available in a regular computer are available and functional for attackers to use. Therefore, with high interaction honeypots there is less risk of identifying the honeypo ...
Article
Crime prevention through environmental design (CPTED) is a non-punitive method for reducing crime through the design of the built environment. The relevance of CPTED strategies, however, is less clear in the context of computing environments. Building upon prior research indicating that computing environments may change computer users’ behaviors, this study tests the effectiveness of CPTED-based approaches in mitigating system-trespassing events. Findings from this randomized controlled field trial demonstrate that specific CPTED strategies can mitigate hacking events by reducing the number of concurrent activities on the target computer, attenuating the number of commands typed in the attacked computer, and decreasing the likelihood of hackers returning to a previously hacked environment. Our findings suggest some novel and readily implemented strategies for reducing cybercrime.
... El Kamel et al. [20] proposed an algorithm based on the idea of machine learning clustering to identify the attacker at the trapping point, and the result is used for the configuration of the later defense strategy. Huang et al. [21] introduced a honeypot mechanism that could not be recognized by attackers, based on a random forest algorithm. SMDP [22] proposes applying the Markov decision process method to attack trapping, transforms the continuous-time process into an equivalent discrete decision model, uses reinforcement learning to train the model, and finally obtains the optimal strategy. ...
Article
As an important deception defense method, a honeypot can be used to enhance the network's active defense capability effectively. However, the existing rigid deployment method makes it difficult to deal with the uncertain strategic attack behaviors of attackers. To solve such a problem, we propose a multiphase dynamic deployment mechanism of virtualized honeypots (MD2VH) based on an intelligent attack path prediction method. MD2VH depicts the attack and defense characteristics of both attackers and defenders through a Bayesian state attack graph, establishes a multiphase dynamic deployment optimization model of the virtualized honeypots based on an extended Markov decision process, and generates the deployment strategies dynamically by combining online and offline reinforcement learning methods. Besides, we also implement a prototype system based on software-defined networking and virtualization containers, so as to evaluate the effectiveness of MD2VH. Experimental results show that the capture rate of MD2VH is maintained at about 90% in the case of both simple and complex topologies. Compared with the simple intelligent deployment strategy, this metric is increased by 20% to 60%, and the result is more stable under different types of attacker strategy.