Development of a method for constructing linguistic standards for multi-criteria assessment of honeypot efficiency

DOI:

https://doi.org/10.15587/1729-4061.2021.225346

Keywords:

honeypot classification, virtual decoys, fuzzy standards, method of forming linguistic standards

Abstract

One of the pressing and actively developing areas of information security is the use of Honeypots (virtual decoys, online traps), and selecting criteria for determining the most effective Honeypots and classifying them further is an urgent task. The main products that implement virtual decoy technologies are presented. Honeypots are often used to study the behavior, approaches and methods that an unauthorized party uses to gain unauthorized access to information system resources. Online hooks can simulate any resource, but more often they look like real production servers and workstations. A number of fairly effective developments based on the apparatus of fuzzy sets are known for detecting attacks on information system resources. They have shown the effectiveness of this mathematical apparatus, which can be used, for example, to formalize the formation of a set of reference values that will improve the process of determining the most effective Honeypots. For this purpose, a set of characteristics that determine the properties of online traps has been formed (installation and configuration process, usage and support process, data collection, logging level, simulation level, interaction level). These characteristics became the basis for developing a method for forming standards of linguistic variables for the further selection of the most effective Honeypots. The method is based on forming a set of Honeypots, subsets of characteristics and identifier values of linguistic estimates of the Honeypot characteristics, a base and a derived frequency matrix, and on constructing fuzzy terms and reference fuzzy numbers with their visualization. This will allow classifying and selecting the most effective virtual baits in the future.

Author Biographies

Anna Korchenko, National Aviation University

Doctor of Technical Sciences, Associate Professor

Department of Information Technology Security

Vladyslav Breslavskyi, Ukrainian State Centre of Radio Frequencies

Deputy Head of Department

Serhii Yevseiev, Simon Kuznets Kharkiv National University of Economics

Doctor of Technical Sciences, Professor

Department of Cyber Security and Information Technology

Anatolii Zvarych, Central Research Institute of the Armed Forces of Ukraine

PhD

Svitlana Kazmirchuk, National Aviation University

Doctor of Technical Sciences, Associate Professor

Department of Computerized Information Protection Systems

Oleg Kurchenko, Taras Shevchenko National University of Kyiv

PhD, Associate Professor, Senior Researcher

Department of Programming and Computer Equipment

Oleksandr Laptiev, State University of Telecommunications

Doctor of Technical Sciences, Senior Researcher

Department of Information and Cybersecurity Systems

Institute of Information Protection

Oleksand Sievierinov, Kharkiv National University of Radio Electronics

PhD, Associate Professor

Department of Information Technologies Security

Sirhii Tkachuk, Vinnytsia National Technical University

PhD, Associate Professor

Department of Military Training

Published

2021-02-26

How to Cite

Korchenko, A., Breslavskyi, V., Yevseiev, S., Zhumangalieva, N., Zvarych, A., Kazmirchuk, S., Kurchenko, O., Laptiev, O., Sievierinov, O., & Tkachuk, S. (2021). Development of a method for constructing linguistic standards for multi-criteria assessment of honeypot efficiency. Eastern-European Journal of Enterprise Technologies, 1(2 (109)), 14–23. https://doi.org/10.15587/1729-4061.2021.225346

Section

Information technology. Industry control systems