Scalable Honeynet Based on Artificial Intelligence Utilizing Cloud Computing

Author(s):
Nogol Memari
Published Date:
January 05, 2014
Issue:
Volume 4, Issue 1
Page(s):
27 - 34
DOI:
10.7815/ijorcs.41.2014.078

Keywords:
artificial intelligence, internet security, cloud computing, scalability, honeynet, honeypot
Citation:
Nogol Memari, "Scalable Honeynet Based on Artificial Intelligence Utilizing Cloud Computing". International Journal of Research in Computer Science, 4 (1): pp. 27-34, January 2014. doi:10.7815/ijorcs.41.2014.078

Abstract

A honeynet is not a single system but a network of honeypots that sits behind a firewall (gateway) where all inbound and outbound traffic is contained, captured and controlled. It has two main components: data control and data capture. Data control filters the traffic and decides what is allowed to flow in and out; data capture collects information about the attacker's activity for later analysis. The analysis then works on the information collected and stored by the honeynet. Under high traffic volumes it is very difficult for human supervisors to monitor the status of the system around the clock, whereas an AI component can simplify this task: it can monitor and analyse the attackers' activities, tools and IP addresses and adjust the honeynet accordingly. Combining a honeynet with AI-based scaling and monitoring can therefore be very useful, both in terms of security and in terms of hardware resources.
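As an added illustration of the two components and the scaling idea named in the abstract (this is not code from the paper, whose AI method is not described on this page), the following Python script runs a small controller over a handful of constructed flow records: it applies outbound-connection limiting as data control, builds per-attacker profiles as data capture, and sizes the honeynet to the inbound load. The honeypot names, IP addresses, field names and capacity numbers are made up for the example, and the plain capacity rule stands in for the paper's AI component.

```python
"""Toy honeynet controller: data control, data capture and load-based scaling.

Added example, not code from the paper.  FLOWS is a constructed set of flow
summaries in the shape a honeynet gateway might log (assumed fields: src,
dst, dport, dir, bytes).  "in" = attacker -> honeypot, "out" = honeypot -> Internet.
"""
import math
from collections import defaultdict

FLOWS = [
    {"src": "203.0.113.7", "dst": "hp-1", "dport": 22, "dir": "in", "bytes": 1400},
    {"src": "203.0.113.7", "dst": "hp-1", "dport": 23, "dir": "in", "bytes": 300},
    {"src": "203.0.113.7", "dst": "hp-2", "dport": 22, "dir": "in", "bytes": 900},
    {"src": "198.51.100.9", "dst": "hp-2", "dport": 445, "dir": "in", "bytes": 5200},
    {"src": "198.51.100.9", "dst": "hp-3", "dport": 445, "dir": "in", "bytes": 5100},
    # hp-1 has been compromised and starts scanning outward (constructed)
    {"src": "hp-1", "dst": "192.0.2.10", "dport": 445, "dir": "out", "bytes": 200},
    {"src": "hp-1", "dst": "192.0.2.11", "dport": 445, "dir": "out", "bytes": 200},
    {"src": "hp-1", "dst": "192.0.2.12", "dport": 445, "dir": "out", "bytes": 200},
    {"src": "hp-1", "dst": "192.0.2.13", "dport": 445, "dir": "out", "bytes": 200},
]


def data_control(flows, max_outbound_per_honeypot=3):
    """Data control.

    Inbound traffic is always allowed (the attacker should be able to engage).
    Outbound connections are counted per honeypot and dropped once a cap is
    reached, so a compromised honeypot cannot be turned against third parties.
    Returns a list of "allow"/"drop" verdicts aligned with `flows`.
    """
    outbound_seen = defaultdict(int)
    verdicts = []
    for f in flows:
        if f["dir"] == "in":
            verdicts.append("allow")
            continue
        outbound_seen[f["src"]] += 1
        verdicts.append("allow" if outbound_seen[f["src"]] <= max_outbound_per_honeypot else "drop")
    return verdicts


def compromised_honeypots(flows, verdicts):
    """Honeypots whose outbound traffic hit the cap are presumed compromised."""
    return sorted({f["src"] for f, v in zip(flows, verdicts) if v == "drop"})


def data_capture(flows):
    """Data capture: per attacker IP, which honeypots and ports were touched,
    how many flows were seen and how many bytes were sent.  Only inbound flows
    describe attackers; outbound flows belong to data control."""
    profile = defaultdict(lambda: {"honeypots": set(), "ports": set(), "flows": 0, "bytes": 0})
    for f in flows:
        if f["dir"] != "in":
            continue
        p = profile[f["src"]]
        p["honeypots"].add(f["dst"])
        p["ports"].add(f["dport"])
        p["flows"] += 1
        p["bytes"] += f["bytes"]
    return dict(profile)


def scaling_decision(flows, current_honeypots, capacity_per_honeypot=2, min_hp=1, max_hp=20):
    """Scaling: size the honeynet to the observed inbound load.

    A plain capacity rule (assumed numbers) stands in for the paper's AI
    component.  Returns the inbound flow count, the number of honeypots
    needed (clamped to [min_hp, max_hp]) and the delta to apply.
    """
    inbound = sum(1 for f in flows if f["dir"] == "in")
    needed = max(min_hp, min(max_hp, math.ceil(inbound / capacity_per_honeypot)))
    return {"inbound_flows": inbound, "needed": needed, "delta": needed - current_honeypots}


if __name__ == "__main__":
    verdicts = data_control(FLOWS)
    print("verdicts:", verdicts)
    print("compromised:", compromised_honeypots(FLOWS, verdicts))
    for ip, p in data_capture(FLOWS).items():
        print(ip, sorted(p["honeypots"]), sorted(p["ports"]), p["flows"], p["bytes"])
    print("scaling:", scaling_decision(FLOWS, current_honeypots=2))
```

On the constructed input the fourth outbound connection from hp-1 is dropped and hp-1 is flagged, the two attacker IPs get separate profiles, and five inbound flows against a capacity of two per honeypot yield a request for one more honeypot than the two currently running. The outbound cap is the classic honeynet containment control; in a real deployment the verdicts would be enforced at the gateway and the scaling delta fed to the cloud provider's instance API, neither of which is shown here.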