D-FRI-Honeypot: A Secure Sting Operation for Hacking the Hackers Using Dynamic Fuzzy Rule Interpolation

As active network defence systems, honeypots are commonly used as decoys to inspect attackers and their attack tactics in order to improve the cybersecurity infrastructure of an organisation. A honeypot may be successful provided that it disguises its identity. However, cyberattackers continuously endeavour to discover honeypots in order to evade deception and bolster their attacks. An active fingerprinting attack is one such technique that may be used to discover honeypots by sending specially designed traffic. Preventing a fingerprinting attack is possible, but doing so may hinder the process of dealing with the attackers, counteracting the purpose of a honeypot. Instead, detecting an attempted fingerprinting attack in real time can enhance a honeypot’s capability, uninterruptedly managing any immediate consequences and preventing the honeypot from being identified. Nevertheless, it is difficult to detect and predict an attempted fingerprinting attack due to the challenge of isolating it from other similar attacks, particularly when imprecise observations are involved in the monitoring of the traffic. Dynamic fuzzy rule interpolation (D-FRI) enables an adaptive approach for effective reasoning in such situations by exploiting the best of both inference and interpolation. The dynamic rules produced by D-FRI facilitate approximate reasoning with the perpetual changes that often occur in this type of application, where dynamic rules are required to cover new network conditions. This paper proposes a D-FRI-Honeypot, an enhanced honeypot running the D-FRI framework in conjunction with Principal Component Analysis, to detect and predict an attempted fingerprinting attack on honeypots. This D-FRI-Honeypot works with a sparse rule base but is able to detect active fingerprinting attacks when it does not find any matching rules. Also, it learns from current network conditions and offers a dynamically enriched rule base to support more precise detection. This D-FRI-Honeypot is tested against five popular fingerprinting tools (namely, Nmap, Xprobe2, NetScanTools Pro, SinFP3 and Nessus) to demonstrate its successful application.
