6 Citations (Scopus)

Abstract

Honeynet is a network architecture that utilizes multiple honeypots to deceive attackers and analyze their malicious behaviors. However, existing honeynet has not evolved much since its latest architecture, Gen-III, which was proposed in 2004. Meanwhile, security threats and techniques used by adversaries have been continuously advanced. As a result, honeypot architecture is suffering from its limited functionalities of 'data control' and 'data capture'. Existing data control mechanism does not monitor internal propagation of malwares in the network and also does not support honeypot transition from one to another (e.g., a low-interaction honeypot to a high-interaction honeypot). The data capture capability of traditional honeynet is also insufficient as it is vulnerable to fingerprinting attacks. To address these challenges, we design and implement an innovative SDN-based honeynet named HoneyProxy as a next generation honeynet. To prevent internal propagation of malwares within honeynet, HoneyProxy globally monitors all internal traffic with the help of Software-defined Network (SDN) controller. HoneyProxy utilizes a novel connection management mechanism across different honeypots in the network to support honeypot transitions. To this end, a HoneyProxy-enabled SDN controller centrally programs the reverse proxy module that operates in three specific modes. In addition, HoneyProxy improves the data capture capability in the existing honeynet by circumventing fingerprinting attacks through multicasting malicious traffic to relevant honeypots and selecting the response which does not contain fingerprinting indicator(s). Experimental results show that HoneyProxy can support almost line rate throughput (8.23 Gbps) on 10 Gbps link with a negligible latency overhead (0.5-1.2 milliseconds).

Original language: English (US)
Title of host publication: 2017 IEEE Conference on Communications and Network Security, CNS 2017
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 1-9
Number of pages: 9
Volume: 2017-January
ISBN (Electronic): 9781538606834
DOIs: https://doi.org/10.1109/CNS.2017.8228653
State: Published - Dec 19 2017
Event: 2017 IEEE Conference on Communications and Network Security, CNS 2017 - Las Vegas, United States
Duration: Oct 9 2017 to Oct 11 2017

Other

Other: 2017 IEEE Conference on Communications and Network Security, CNS 2017
Country: United States
City: Las Vegas
Period: 10/9/17 to 10/11/17

Fingerprint

Data acquisition
Controllers
Multicasting
Network architecture
Telecommunication traffic
Throughput
Malware

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Safety, Risk, Reliability and Quality

Cite this

Kyung, S., Han, W., Tiwari, N., Dixit, V. H., Srinivas, L., Zhao, Z., ... Ahn, G-J. (2017). HoneyProxy: Design and implementation of next-generation honeynet via SDN. In 2017 IEEE Conference on Communications and Network Security, CNS 2017 (Vol. 2017-January, pp. 1-9). Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/CNS.2017.8228653

HoneyProxy: Design and implementation of next-generation honeynet via SDN. / Kyung, Sukwha; Han, Wonkyu; Tiwari, Naveen; Dixit, Vaibhav Hemant; Srinivas, Lakshmi; Zhao, Ziming; Doupe, Adam; Ahn, Gail-Joon.

2017 IEEE Conference on Communications and Network Security, CNS 2017. Vol. 2017-January. Institute of Electrical and Electronics Engineers Inc., 2017. p. 1-9.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution
