Abstract
Intrusion is the primary step in conducting various kinds of network attacks. Most intrusion detection and intrusion prevention systems (IDPS) that rely on signatures can detect only known attacks and cannot protect resources from new forms of attack such as internet worms. It is therefore necessary to collect information about unknown intrusions dynamically. Honeypots are a useful security mechanism that deliberately lures intruders to probe, attack or compromise the systems. This paper presents an agent-based honeymesh for protecting network resources such as servers from intrusion-related attacks. In our strategy, agent programs use decoyports to lure intruders and redirect them to the honeymesh in order to understand the attackers' activities. The agents also remove malicious processes and executable files on a compromised server as soon as the honeypots alert on those intrusions. This novel defense mechanism detects and removes new kinds of internet worms without using signatures.
Cite this article
Rajarajan, G., Ganesan, L. A Decoy Framework to Protect Server from Wireless Network Worms. Wireless Pers Commun 94, 1965–1978 (2017). https://doi.org/10.1007/s11277-016-3298-5
DOI: https://doi.org/10.1007/s11277-016-3298-5