Visible to the public Honeypots That Bite Back: A Fuzzy Technique for Identifying and Inhibiting Fingerprinting Attacks on Low Interaction Honeypots

TitleHoneypots That Bite Back: A Fuzzy Technique for Identifying and Inhibiting Fingerprinting Attacks on Low Interaction Honeypots
Publication TypeConference Paper
Year of Publication2018
AuthorsNaik, N., Jenkins, P., Cooke, R., Yang, L.
Conference Name2018 IEEE International Conference on Fuzzy Systems (FUZZ-IEEE)
Date PublishedJuly 2018
ISBN Number978-1-5090-6020-7
Keywordsattack actions, authorisation, completeness attack vectors, computer network security, data privacy, fingerprint low-interaction honeypots, Fingerprint recognition, fingerprinting attack tools, fingerprinting detection mechanism, fingerprinting techniques, fuzzy set theory, fuzzy technique, honey pots, Human Behavior, human factors, inhibiting fingerprinting attacks, Internet, IP networks, low interaction honeypots, low- interaction honeypot, low-interaction honeypot, Operating systems, performance evaluation, Probes, pubcrawl, resilience, Resiliency, Scalability, security, TCPIP, telecommunication security, Tools, Windows - KFSensor

The development of a robust strategy for network security is reliant upon a combination of in-house expertise and for completeness attack vectors used by attackers. A honeypot is one of the most popular mechanisms used to gather information about attacks and attackers. However, low-interaction honeypots only emulate an operating system and services, and are more prone to a fingerprinting attack, resulting in severe consequences such as revealing the identity of the honeypot and thus ending the usefulness of the honeypot forever, or worse, enabling it to be converted into a bot used to attack others. A number of tools and techniques are available both to fingerprint low-interaction honeypots and to defend against such fingerprinting; however, there is an absence of fingerprinting techniques to identify the characteristics and behaviours that indicate fingerprinting is occurring. Therefore, this paper proposes a fuzzy technique to correlate the attack actions and predict the probability that an attack is a fingerprinting attack on the honeypot. Initially, an experimental assessment of the fingerprinting attack on the low- interaction honeypot is performed, and a fingerprinting detection mechanism is proposed that includes the underlying principles of popular fingerprinting attack tools. This implementation is based on a popular and commercially available low-interaction honeypot for Windows - KFSensor. However, the proposed fuzzy technique is a general technique and can be used with any low-interaction honeypot to aid in the identification of the fingerprinting attack whilst it is occurring; thus protecting the honeypot from the fingerprinting attack and extending its life.

Citation Keynaik_honeypots_2018