Abstract

Honeynet is a collection of honeypots that are set up to at- tract as many attackers as possible to learn about their pat- terns, tactics, and behaviors. However, existing honeypots suffer from a variety of fingerprinting techniques, and the current honeynet architecture does not fully utilize features of residing honeypots due to its coarse-grained data control mechanisms. To address these challenges, we propose an SDN-based intelligent honeynet called HoneyMix. HoneyMix leverages the rich programmability of SDN to cir- cumvent attackers' detection mechanisms and enables fine- grained data control for honeynet. To do this, HoneyMix simultaneously establishes multiple connections with a set of honeypots and selects the most desirable connection to inspire attackers to remain connected. In this paper, we present the HoneyMix architecture and a description of its core components.

Original languageEnglish (US)
Title of host publicationSDN-NFV Security 2016 - Proceedings of the 2016 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, co-located with CODASPY 2016
PublisherAssociation for Computing Machinery, Inc
Pages1-6
Number of pages6
ISBN (Print)9781450340786
DOIs
StatePublished - Mar 11 2016
Event2016 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, SDN-NFV Security 2016 - New Orleans, United States
Duration: Mar 11 2016 → …

Other

Other2016 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, SDN-NFV Security 2016
CountryUnited States
CityNew Orleans
Period3/11/16 → …

Fingerprint

Software defined networking

Keywords

  • Honeynet
  • Honeypot
  • Network function virtualiza-tion
  • Software-defined networking

ASJC Scopus subject areas

  • Computer Science Applications
  • Software
  • Information Systems

Cite this

Han, W., Zhao, Z., Doupe, A., & Ahn, G-J. (2016). HoneyMix: Toward SDN-based intelligent honeynet. In SDN-NFV Security 2016 - Proceedings of the 2016 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, co-located with CODASPY 2016 (pp. 1-6). Association for Computing Machinery, Inc. https://doi.org/10.1145/2876019.2876022

HoneyMix : Toward SDN-based intelligent honeynet. / Han, Wonkyu; Zhao, Ziming; Doupe, Adam; Ahn, Gail-Joon.

SDN-NFV Security 2016 - Proceedings of the 2016 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, co-located with CODASPY 2016. Association for Computing Machinery, Inc, 2016. p. 1-6.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Han, W, Zhao, Z, Doupe, A & Ahn, G-J 2016, HoneyMix: Toward SDN-based intelligent honeynet. in SDN-NFV Security 2016 - Proceedings of the 2016 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, co-located with CODASPY 2016. Association for Computing Machinery, Inc, pp. 1-6, 2016 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, SDN-NFV Security 2016, New Orleans, United States, 3/11/16. https://doi.org/10.1145/2876019.2876022
Han W, Zhao Z, Doupe A, Ahn G-J. HoneyMix: Toward SDN-based intelligent honeynet. In SDN-NFV Security 2016 - Proceedings of the 2016 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, co-located with CODASPY 2016. Association for Computing Machinery, Inc. 2016. p. 1-6 https://doi.org/10.1145/2876019.2876022
Han, Wonkyu ; Zhao, Ziming ; Doupe, Adam ; Ahn, Gail-Joon. / HoneyMix : Toward SDN-based intelligent honeynet. SDN-NFV Security 2016 - Proceedings of the 2016 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, co-located with CODASPY 2016. Association for Computing Machinery, Inc, 2016. pp. 1-6
@inproceedings{7366b88a3ec64ecdb0f16f3765c1473d,
title = "HoneyMix: Toward SDN-based intelligent honeynet",
abstract = "Honeynet is a collection of honeypots that are set up to at- tract as many attackers as possible to learn about their pat- terns, tactics, and behaviors. However, existing honeypots suffer from a variety of fingerprinting techniques, and the current honeynet architecture does not fully utilize features of residing honeypots due to its coarse-grained data control mechanisms. To address these challenges, we propose an SDN-based intelligent honeynet called HoneyMix. HoneyMix leverages the rich programmability of SDN to cir- cumvent attackers' detection mechanisms and enables fine- grained data control for honeynet. To do this, HoneyMix simultaneously establishes multiple connections with a set of honeypots and selects the most desirable connection to inspire attackers to remain connected. In this paper, we present the HoneyMix architecture and a description of its core components.",
keywords = "Honeynet, Honeypot, Network function virtualiza-tion, Software-defined networking",
author = "Wonkyu Han and Ziming Zhao and Adam Doupe and Gail-Joon Ahn",
year = "2016",
month = "3",
day = "11",
doi = "10.1145/2876019.2876022",
language = "English (US)",
isbn = "9781450340786",
pages = "1--6",
booktitle = "SDN-NFV Security 2016 - Proceedings of the 2016 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, co-located with CODASPY 2016",
publisher = "Association for Computing Machinery, Inc",

}

TY - GEN

T1 - HoneyMix

T2 - Toward SDN-based intelligent honeynet

AU - Han, Wonkyu

AU - Zhao, Ziming

AU - Doupe, Adam

AU - Ahn, Gail-Joon

PY - 2016/3/11

Y1 - 2016/3/11

N2 - Honeynet is a collection of honeypots that are set up to at- tract as many attackers as possible to learn about their pat- terns, tactics, and behaviors. However, existing honeypots suffer from a variety of fingerprinting techniques, and the current honeynet architecture does not fully utilize features of residing honeypots due to its coarse-grained data control mechanisms. To address these challenges, we propose an SDN-based intelligent honeynet called HoneyMix. HoneyMix leverages the rich programmability of SDN to cir- cumvent attackers' detection mechanisms and enables fine- grained data control for honeynet. To do this, HoneyMix simultaneously establishes multiple connections with a set of honeypots and selects the most desirable connection to inspire attackers to remain connected. In this paper, we present the HoneyMix architecture and a description of its core components.

AB - Honeynet is a collection of honeypots that are set up to at- tract as many attackers as possible to learn about their pat- terns, tactics, and behaviors. However, existing honeypots suffer from a variety of fingerprinting techniques, and the current honeynet architecture does not fully utilize features of residing honeypots due to its coarse-grained data control mechanisms. To address these challenges, we propose an SDN-based intelligent honeynet called HoneyMix. HoneyMix leverages the rich programmability of SDN to cir- cumvent attackers' detection mechanisms and enables fine- grained data control for honeynet. To do this, HoneyMix simultaneously establishes multiple connections with a set of honeypots and selects the most desirable connection to inspire attackers to remain connected. In this paper, we present the HoneyMix architecture and a description of its core components.

KW - Honeynet

KW - Honeypot

KW - Network function virtualiza-tion

KW - Software-defined networking

UR - http://www.scopus.com/inward/record.url?scp=84966461425&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84966461425&partnerID=8YFLogxK

U2 - 10.1145/2876019.2876022

DO - 10.1145/2876019.2876022

M3 - Conference contribution

SN - 9781450340786

SP - 1

EP - 6

BT - SDN-NFV Security 2016 - Proceedings of the 2016 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, co-located with CODASPY 2016

PB - Association for Computing Machinery, Inc

ER -