Development of a method for constructing linguistic standards for multi-criteria assessment of honeypot efficiency
DOI: https://doi.org/10.15587/1729-4061.2021.225346
Keywords: honeypot classification, virtual decoys, fuzzy standards, method of forming linguistic standards
Abstract
One of the pressing areas developing in the field of information security is associated with the use of Honeypots (virtual decoys, online traps), and the selection of criteria for determining the most effective Honeypots and their further classification is an urgent task. The main products that implement virtual decoy technologies are presented. They are often used to study the behavior, approaches and methods that an unauthorized party uses to gain unauthorized access to information system resources. Online traps can simulate any resource, but more often they look like real production servers and workstations. A number of fairly effective developments are known that are used to solve the problems of detecting attacks on information system resources and that are based on the apparatus of fuzzy sets. They have demonstrated the effectiveness of this mathematical apparatus, which can be used, for example, to formalize the approach to forming a set of reference values and thereby improve the process of determining the most effective Honeypots. For this purpose, a set of characteristics has been defined (installation and configuration process, usage and support process, data collection, logging level, simulation level, interaction level) that determine the properties of online traps. These characteristics became the basis for developing a method for forming standards of linguistic variables for the further selection of the most effective Honeypots. The method is based on the formation of a set of Honeypots, subsets of characteristics and identifier values of linguistic estimates of the Honeypot characteristics, a base and a derived frequency matrix, as well as on the construction of fuzzy terms and reference fuzzy numbers with their visualization. This will allow classifying and selecting the most effective virtual decoys in the future.
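To make the workflow sketched in the abstract concrete, the following is an added Python example; it is not code from the paper or its authors. It takes constructed expert ratings of several honeypots against the characteristics the abstract names, builds the base frequency matrix (how many experts assigned each linguistic term), normalizes it into a derived matrix whose entries act as membership degrees, forms a discrete fuzzy term per honeypot and characteristic, and defuzzifies those terms to rank the honeypots. The three-term scale, the numeric term positions, the honeypot names, the expert votes, the max-normalization step and the centroid defuzzification are all assumptions made for illustration; the paper's own identifier values, reference fuzzy numbers and visualization are not reproduced.

```python
from collections import Counter

# Linguistic terms available to the experts (assumption: a three-term scale;
# the paper's own term set and identifier values are not reproduced here).
TERMS = ("LOW", "MEDIUM", "HIGH")

# Position of each term on a unit scale, used only for defuzzification (assumption).
TERM_POSITION = {"LOW": 0.0, "MEDIUM": 0.5, "HIGH": 1.0}

# Constructed expert assessments: (honeypot, characteristic) -> one term per expert.
# "HP-A"/"HP-B" are placeholder names; the characteristics are three of those
# listed in the abstract. Five experts rated each pair.
ASSESSMENTS = {
    ("HP-A", "interaction level"): ["HIGH", "HIGH", "HIGH", "MEDIUM", "HIGH"],
    ("HP-A", "logging level"): ["MEDIUM", "MEDIUM", "HIGH", "MEDIUM", "LOW"],
    ("HP-A", "installation and configuration process"): ["LOW", "LOW", "MEDIUM", "LOW", "LOW"],
    ("HP-B", "interaction level"): ["LOW", "LOW", "MEDIUM", "LOW", "LOW"],
    ("HP-B", "logging level"): ["HIGH", "HIGH", "HIGH", "HIGH", "MEDIUM"],
    ("HP-B", "installation and configuration process"): ["HIGH", "MEDIUM", "HIGH", "HIGH", "HIGH"],
}


def base_frequency_matrix(assessments, terms=TERMS):
    """Base matrix: for each (honeypot, characteristic), how many experts chose each term."""
    matrix = {}
    for key, votes in assessments.items():
        counts = Counter(votes)
        unknown = set(counts) - set(terms)
        if unknown:
            # Reject ratings outside the agreed scale instead of silently dropping them.
            raise ValueError(f"unknown term(s) {sorted(unknown)} in {key}")
        matrix[key] = {t: counts.get(t, 0) for t in terms}
    return matrix


def derived_frequency_matrix(base):
    """Derived matrix: each row divided by its largest count, giving degrees in [0, 1].

    Normalizing by the row maximum (assumption) makes the most frequent term a full
    member and guards against a row with no votes (all zeros stay zero).
    """
    derived = {}
    for key, row in base.items():
        peak = max(row.values())
        derived[key] = {t: (c / peak if peak else 0.0) for t, c in row.items()}
    return derived


def fuzzy_term(derived, honeypot, characteristic):
    """Discrete fuzzy set {term: membership} describing one characteristic of one honeypot."""
    return dict(derived[(honeypot, characteristic)])


def centroid_score(fuzzy_set, positions=TERM_POSITION):
    """Defuzzify a discrete fuzzy set by centroid over the term positions.

    Returns None when every membership is zero, i.e. no expert expressed an opinion,
    rather than dividing by zero or inventing a score.
    """
    total = sum(fuzzy_set.values())
    if total == 0:
        return None
    return sum(positions[t] * mu for t, mu in fuzzy_set.items()) / total


def rank_honeypots(assessments, weights=None):
    """Sum per-characteristic centroid scores (optionally weighted) and sort descending.

    Characteristics with no expert opinion are skipped so they neither help nor hurt.
    """
    derived = derived_frequency_matrix(base_frequency_matrix(assessments))
    totals = {}
    for (honeypot, characteristic), fset in derived.items():
        score = centroid_score(fset)
        if score is None:
            continue
        weight = 1.0 if weights is None else weights.get(characteristic, 1.0)
        totals[honeypot] = totals.get(honeypot, 0.0) + weight * score
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)


if __name__ == "__main__":
    base = base_frequency_matrix(ASSESSMENTS)
    derived = derived_frequency_matrix(base)
    for key in sorted(derived):
        print(key, "base:", base[key], "derived:", derived[key])
    for honeypot, total in rank_honeypots(ASSESSMENTS):
        print(f"{honeypot}: {total:.2f}")
```

Whether a HIGH rating on a characteristic such as "installation and configuration process" should count for or against a honeypot is a policy decision; the `weights` argument (which may be negative) is where that decision is encoded, and the example deliberately leaves it neutral.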
License
Copyright (c) 2021 Анна Олександрівна Корченко, Владислав Олександрович Бреславський, Сергій Петрович Євсеєв, Назим Кенжегаліевна Жумангаліева, Анатолій Олександрович Зварич, Світлана Володимирівна Казмірчук, Олег Анастасійович Курченко, Олександр Анатолійович Лаптєв, Олександр Васильович Сєвєрінов, Сергій Сергійович Ткачук
This work is licensed under a Creative Commons Attribution 4.0 International License.
The consolidation of copyright and the conditions for its transfer (identification of authorship) are set out in the License Agreement. In particular, the authors reserve the right to the authorship of their manuscript and transfer the first publication of this work to the journal under the terms of the Creative Commons CC BY license. At the same time, they have the right to conclude on their own additional agreements concerning the non-exclusive distribution of the work in the form in which it was published by this journal, provided that the link to the first publication of the article in this journal is preserved.
A license agreement is a document in which the author warrants that he/she owns all copyright for the work (manuscript, article, etc.).
The authors, signing the License Agreement with TECHNOLOGY CENTER PC, have all rights to the further use of their work, provided that they link to our edition in which the work was published.
According to the terms of the License Agreement, the Publisher TECHNOLOGY CENTER PC does not take away your copyrights and receives permission from the authors to use and disseminate the publication through the world's scientific resources (own electronic resources, scientometric databases, repositories, libraries, etc.).
In the absence of a signed License Agreement, or if the agreement lacks identifiers that establish the identity of the author, the editors have no right to work with the manuscript.
It is important to remember that there is another type of agreement between authors and publishers – when copyright is transferred from the authors to the publisher. In this case, the authors lose ownership of their work and may not use it in any way.