9 Scopus citations

Abstract

Honeynet is a network architecture that utilizes multiple honeypots to deceive attackers and analyze their malicious behaviors. However, existing honeynet has not evolved much since its latest architecture, Gen-III, which was proposed in 2004. Meanwhile, security threats and techniques used by adversaries have been continuously advanced. As a result, honeypot architecture is suffering from its limited functionalities of 'data control' and 'data capture'. Existing data control mechanism does not monitor internal propagation of malwares in the network and also does not support honeypot transition from one to another (e.g., a low-interaction honeypot to a high-interaction honeypot). The data capture capability of traditional honeynet is also insufficient as it is vulnerable to fingerprinting attacks. To address these challenges, we design and implement an innovative SDN-based honeynet named HoneyProxy as a next generation honeynet. To prevent internal propagation of malwares within honeynet, HoneyProxy globally monitors all internal traffic with the help of Software-defined Network (SDN) controller. HoneyProxy utilizes a novel connection management mechanism across different honeypots in the network to support honeypot transitions. To this end, a HoneyProxy-enabled SDN controller centrally programs the reverse proxy module that operates in three specific modes. In addition, HoneyProxy improves the data capture capability in the existing honeynet by circumventing fingerprinting attacks through multicasting malicious traffic to relevant honeypots and selecting the response which does not contain fingerprinting indicator(s). Experimental results show that HoneyProxy can support almost line rate throughput (8.23 Gbps) on 10 Gbps link with a negligible latency overhead (0.5-1.2 milliseconds)

Original languageEnglish (US)
Title of host publication2017 IEEE Conference on Communications and Network Security, CNS 2017
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages1-9
Number of pages9
Volume2017-January
ISBN (Electronic)9781538606834
DOIs
StatePublished - Dec 19 2017
Event2017 IEEE Conference on Communications and Network Security, CNS 2017 - Las Vegas, United States
Duration: Oct 9 2017Oct 11 2017

Other

Other2017 IEEE Conference on Communications and Network Security, CNS 2017
CountryUnited States
CityLas Vegas
Period10/9/1710/11/17

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Safety, Risk, Reliability and Quality

Fingerprint Dive into the research topics of 'HoneyProxy: Design and implementation of next-generation honeynet via SDN'. Together they form a unique fingerprint.

  • Cite this

    Kyung, S., Han, W., Tiwari, N., Dixit, V. H., Srinivas, L., Zhao, Z., Doupe, A., & Ahn, G-J. (2017). HoneyProxy: Design and implementation of next-generation honeynet via SDN. In 2017 IEEE Conference on Communications and Network Security, CNS 2017 (Vol. 2017-January, pp. 1-9). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/CNS.2017.8228653