Applying Clustering to Predict Attackers Trace in Deceptive Ecosystem by Harmonizing Multiple Decoys Interactions Logs

Автор: Jalaj Pateria, Laxmi Ahuja, Subhranil Som, Ashish Seth

Журнал: International Journal of Information Technology and Computer Science @ijitcs

Статья в выпуске: 5 Vol. 15, 2023 года.

Бесплатный доступ

Bluff and truth are major pillars of deception technology. Deception technology majorly relies on decoy-generated data and looks for any behavior deviation to flag that interaction as an attack or not. But at times a legitimate user can also do suspicious decoy interactions due to lack of knowledge and can be categorized under the “ATTACK” category which in a true sense should not be flagged that way. Hence, there is a need of doing collaborative analysis on honeypot, which are set up to monitor and log activities of sources that compromise or probe them. This goldmine provides ample information about the attacker intent and target, how it is moving forward in the kill chain as this information can be used to enhance threat intelligence and upgrade behaviors analysis rules. In this paper, decoys which are strategically placed in the network pointing to various databases, services, and Ips are used providing information of interactions made. This data is analyzed to understand underlying facts which can help in strengthening defense strategy, it also enhances confidence on the findings as analysis is not restricted to single decoy interaction which could be false positive or un-intentional in nature but analyzing holistically to conclude on the exact attack patten and progression. With experiment we have highlighted is reconciling various honeypots data and weighing IP visits and Honeypot interaction counts against scores and then using KNN and Weightage KNN to derive inclination of target IP against Source IP which can also be summarized as direction of Attack and count/frequency of interaction from highlights criticality of the interactions. Used KNN and W-KNN have shown approx. 94% accuracy which is best in class, also silhouette score highlighted high cohesion of data points in the experiment. Moreover, this was also analyzed that increasing the number of decoys in the analysis helps in getting better confidence on attack probability and direction.

Еще

Deception Technology, Log Data Analysis, Machine Learning, Cybersecurity, Network Monitoring, Intrusion Detection, KNN, Classification

Короткий адрес: https://sciup.org/15018949

IDR: 15018949 | DOI: 10.5815/ijitcs.2023.05.04

Список литературы Applying Clustering to Predict Attackers Trace in Deceptive Ecosystem by Harmonizing Multiple Decoys Interactions Logs

A. Kharraz, W. Robertson, D. Balzarotti, L. Bilge, and E. Kirda, “Cutting the Gordian Knot: A Look Under the Hood of Ransomware Attacks,” in Detection of Intrusions and Malware, and Vulnerability Assessment, vol. 9148 of Lecture Notes in Computer Science, pp. 3–24, Springer International Publishing, Cham, 2015.View at: Publisher Site | Google Scholar
A. L. Buczak and E. Guven, "A Survey of Data Mining and Machine Learning Methods for Cyber Security Intrusion Detection," in IEEE Communications Surveys & Tutorials, vol. 18, no. 2, pp. 1153-1176, Secondquarter 2016, doi: 10.1109/COMST.2015.2494502.
Anand Handa; Rohit Negi; Sandeep Kumar Shukla, "Part I Deception Technologies & Threat Visibility – Honeypots and Security Operations," in Implementing Enterprise Cybersecurity with Open-Source Software and Standard Architecture, River Publishers, 2021, pp.3-3.
A. Sivanathan, H. H. Gharakheili and V. Sivaraman, "Detecting Behavioral Change of IoT Devices Using Clustering-Based Network Traffic Modeling," in IEEE Internet of Things Journal, vol. 7, no. 8,
B. K. Alese, F. M. Dahunsi, R. A. Akingbola, O. S. Adewale and T. J. Ogundele, "Improving deception in honeynet: Through data manipulation," The 9th International Conference for Internet Technology and Secured Transactions (ICITST-2014), 2014, pp. 198-204, doi: 10.1109/ICITST.2014.7038805.
D. D. Updyke, G. B. Dobson, T. G. Podnar, L. J. Osterritter, B. L. Earl, and A. D. Cerini, “GHOSTS in the Machine: A Framework for Cyber - Warfare Exercise NPC Simulation,” 2018.Accessed: Jul. 03, 2020. [Online]. Available: http://www.sei.cmu.edu.
D. Sgandurra, L. Mu±oz-Gonzßlez, R. Mohsen, and E. C. Lupu, “Automated Dynamic Analysis of Ransomware: Benefits, Limitations and use for Detection,” https://arxiv.org/abs/1609.03020.View at: Google Scholar
E. A. Cranford, C. Gonzalez, P. Aggarwal, S. Cooney, M. Tambe, and C. Lebiere, “Toward Personalized Deceptive Signaling for Cyber Defense Using Cognitive Models,” Top. Cogn. Sci. ,vol. 12, no. 3, pp. 992 – 1011, 2020.
Edwin K. Serem, David M. Mugo, and Boaz K. Too, DeceptiveDecoys: Combining Believable User and Network Activities and Deceptive NetworkSetup in Enhancing Effectiveness, International Journal of Electrical Engineering and Technology (IJEET),12(6),2021, pp. 281292.https://iaeme.com/Home/issue/IJEET?Volume=12&Issue=6
E. Vasilomanolakis, S. Karuppayah, M. Muhlhauser, and M. Fischer, “Taxonomy and survey of collaborative intrusion detection,” ACM Computing Surveys, vol. 47, no. 4. Association for Computing Machinery, May 01, 2015, doi: 10.1145/2716260.
J. Chigada and R. Madzinga, “Cyberattacks and threats during COVID-19: A systematic literature review,” South African J. Inf. Manag., vol. 23, no. 1, pp. 1 – 11, 2021.
J. Kim, J. Nam, S. Lee, V. Yegneswaran, P. Porras and S. Shin, "BottleNet: Hiding Network Bottlenecks Using SDN-Based Topology Deception," in IEEE Transactions on Information Forensics and Security, vol. 16, pp. 3138-3153, 2021, doi: 10.1109/TIFS.2021 .3075845.
Jiajia Liu; Abderrahim Benslimane, "3 Unmanned Driving Security and Navigation Deception," in Intelligent and Connected Vehicle Security, River Publishers, 2021, pp.117-165.
Jonathan Voris, Yingbo Song, Malek Ben Salem, Shlomo Hershkop, Salvatore Stolfo, Active authentication using file system decoys and user behavior modeling: results of a large scale study,Computers & Security,Volume 87,2019,101412,ISSN 0167-4048, https://doi.org/10.1016/j.cose.2018.07.
M. Beham, M. Vlad, and H. P. Reiser, “Intrusion detection and honeypots in nested virtualization environments,” in 2013 43rd Annual IEEE/IFIP international conference on dependable systems and networks (DSN), 2013, pp. 1 – 6.
N. Provos and T. Holz,Virtual honeypots: from botnet tracking to intrusion detection. Pearson Education, 2007.
N. Van Huynh, D. T. Hoang, D. N. Nguyen and E. Dutkiewicz, "DeepFake: Deep Dueling-Based Deception Strategy to Defeat Reactive Jammers," in IEEE Transactions on Wireless Communications, vol. 20, no. 10, pp. 6898-6914, Oct. 2021, doi: 10.1109/TWC.2021.3078439.
Q. Cao, Y. Qiao and Z. Lyu, "Machine learning to detect anomalies in web log analysis," 2017 3rd IEEE International Conference on Computer and Communications (ICCC), 2017, pp. 519-523, doi: 10.1109/CompComm.2017.8322600.
S. Allagi and R. Rachh, "Analysis of Network log data using Machine Learning," 2019 IEEE 5th International Conference for Convergence in Technology (I2CT), 2019, pp. 1-3, doi: 10.1109/I2CT45611.2019.9033737.
William Steingartner, Darko Galinec, Andrija Kozina. "Threat Defense: Cyber Deception Approach and Education for Resilience in Hybrid Threats Model", Symmetry, 2021
Yaoqing Liu; Garegin Grigoryan; Charles A. Kamhoua; Laurent L. Njilla, "Leverage SDN for Cyber‐Security Deception in Internet of Things," in Modeling and Design of Secure Internet of Things, IEEE, 2020, pp.479-503, doi: 10.1002/9781119593386.ch21
Z. H. Wang, X. Wu, C. G. Liu, Q. X. Liu, and J. L. Zhang, “RansomTracer: Exploiting Cyber Deception for Ransomware Tracing,” in Proceedings of the IEEE Third International Conference on Data Science in Cyberspace, pp. 227–234, 2018.View at: Google Scholar
Mohan, P.V.; Dixit, S.; Gyaneshwar, A.; Chadha, U.; Srinivasan, K.; Seo, J.T. Leveraging Computational Intelligence Techniques for Defensive Deception: A Review, Recent Advances, Open Problems and Future Directions. Sensors 2022, 22, 2194. https://doi.org/10.3390/s22062194

Еще

Статья научная