A Decoy Framework to Protect Server from Wireless Network Worms

Wireless Personal Communications

Abstract

Intrusion is the primary step in conducting various kinds of network attacks. Most intrusion detection and intrusion prevention systems (IDPS) that rely on signatures can detect only known attacks and cannot protect resources from new forms of attack such as internet worms. Thus, it is necessary to collect information about unknown intrusions dynamically. Honeypots are useful security mechanisms that deliberately lure intruders to probe, attack or compromise the systems. This paper presents an agent-based honeymesh for protecting network resources such as servers from intrusion-related attacks. In our strategy, agent programs make use of decoyports to lure intruders and redirect them to the honeymesh to understand the attackers' activities. Also, the agents remove malicious processes and executable files on a compromised server as soon as the honeypots alert on those intrusions. This novel defense mechanism detects and removes new kinds of internet worms without using signatures.

Author information

Correspondence to G. Rajarajan.

About this article

Cite this article

Rajarajan, G., Ganesan, L. A Decoy Framework to Protect Server from Wireless Network Worms. Wireless Pers Commun 94, 1965–1978 (2017). https://doi.org/10.1007/s11277-016-3298-5

  • DOI: https://doi.org/10.1007/s11277-016-3298-5
