Abstract
The aim of this project is the design and implementation of a solution able to detect an intruder in the internal network. We advocate that, instead of deploying additional fake systems in the corporate network, the production systems themselves should be instrumented to provide active defense capabilities. The proposed concept of traps can be implemented in any corporate production network with little upfront work and little maintenance.
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Cheng, X., Mihok, M. (2019). Intrusion Detection Traps within Live Network Environment. In: Vaidya, J., Zhang, X., Li, J. (eds.) Cyberspace Safety and Security. CSS 2019. Lecture Notes in Computer Science, vol. 11983. Springer, Cham. https://doi.org/10.1007/978-3-030-37352-8_7
DOI: https://doi.org/10.1007/978-3-030-37352-8_7
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-37351-1
Online ISBN: 978-3-030-37352-8