Performance Analysis of Honeypot with Petri Nets

As one of the active defense technologies, the honeypot deceives potential intruders into interacting with imitated systems or networks deployed with security mechanisms. Its modeling and performance analysis have not been well studied. In this paper, we propose a honeypot performance evaluation scheme based on Stochastic Petri Nets (SPN). We first set up SPN-based performance evaluation models for three types of defense scenarios: firewall; firewall and Intrusion Detection System (IDS); and firewall, IDS and honeypot. We then theoretically analyze the SPN models by constructing Markov Chains (MC) that are isomorphic to the models. From the steady-state probabilities of the MC, the system performance evaluation is done by theoretical inference. Finally, we implement the three proposed SPN models on the PIPE platform. Five parameters are applied to compare and evaluate the performance of the proposed SPN models. The analysis of the probability and delay in the three scenarios shows that the simulation results validate the honeypot's effectiveness in enhancing security under the SPN models.
