A honeypot is a concealed security system that functions as a decoy to entice cyberattackers to reveal their information. Therefore, it is essential to disguise its identity to ensure its successful operation. Nonetheless, cyberattackers frequently attempt to uncover these honeypots, and one of the most effective techniques for revealing their identity is a fingerprinting attack. Once identified, a honeypot can be exploited as a zombie by an attacker to attack others. Several effective techniques are available to prevent a fingerprinting attack; however, that would be contrary to the purpose of a honeypot, which is designed to interact with attackers to attempt to discover information relating to them. A technique to discover any attempted fingerprinting attack is highly desirable for honeypots while interacting with cyberattackers. Unfortunately, no specific method is available to detect and predict an attempted fingerprinting attack in real-time due to the difficulty of isolating it from other attacks. This paper presents a computational intelligence enabled honeypot that is capable of discovering and predicting an attempted fingerprinting attack by using a principal components analysis and fuzzy inference system. This proposed system is successfully tested against the five popular fingerprinting tools Nmap, Xprobe2, NetScanTools Pro, SinFP3 and Nessus.

Security experts adapted their strategy due to the significant increase in cyberattacks, in particular the increase in their complexity and resolution, which led to the application of both active and passive defence systems as a part of their defensive strategies. As an active defence system, a honeypot functions as a decoy to entice cyberattackers to reveal information which can be utilised by security experts in updating their security procedures. As a concealed system, it is essential to disguise its identity for its successful operation. Nonetheless, cyberattackers always attempt to uncover these honeypots, and one of the most effective techniques for revealing their identity is a fingerprinting attack. Generally, for any unconcealed system fingerprinting is not of great concern, but for a honeypot it may be the end of its life, resulting in significant consequences; for example, it can be exploited as a zombie by an attacker to attack others. A honeypot can be protected from a fingerprinting attack; however, this is not consistent with the principle of a honeypot, which is established with the purpose of gaining information about attackers. It would be beneficial if an attempted fingerprinting attack could be predicted in a timely manner. Unfortunately, no specific method is available to detect and predict an attempted fingerprinting attack in real-time, as it is challenging to distinguish it from other attacks.

Therefore, this paper presents a Computational Intelligence (CI) enabled honeypot that is capable of discovering and predicting an attempted fingerprinting attack by using a principal components analysis (PCA) and fuzzy inference system (FIS). The proposed CI-enabled design is focused on the most common Operating System (OS) fingerprinting attack, which is performed on the target system to obtain specific information regarding the OS, services, device type and type of architecture. In this attack, the attacker sends a stream of fabricated TCP/IP packets to prompt a response in the form of TCP/IP packets containing fingerprint information of the target system. Conversely, the proposed CI-enabled honeypot analyses this stream of TCP/IP packets sent by an attacker to obtain signs of an attempted fingerprinting attack on the honeypot. Initially, this paper performs a simulation of fingerprinting attacks on the honeypot to collect attack data (TCP/IP packets). The simulation is accomplished by employing a KFSensor honeypot and the Nmap and Xprobe2 fingerprinting tools. The attack simulation data is captured in two different logs by the KFSensor honeypot and the Wireshark analyser for forensic analysis. Subsequently, based on preliminary observations and empirical evidence, a number of important fields of the collected TCP/IP packets are analysed to ascertain abnormalities or patterns as an indication of an attempted fingerprinting attack. Successively, it applies PCA to determine the most influential fields, which can be further utilised to develop an effective approach to predict the fingerprinting attack. Later, it proposes an FIS to correctly correlate the influential fields identified by the PCA and predict an attempted fingerprinting attack and its severity level on the honeypot. Finally, the proposed system is successfully tested against the five popular fingerprinting tools.
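The two analysis stages described above (PCA to rank packet fields, then fuzzy inference to grade severity) can be sketched as follows. This is an added example, not the paper's code: the field names, sample rows, membership ramps and rule outputs are all assumptions, and the inference is a zero-order Sugeno-style rule base chosen for brevity.

```python
import math

# Constructed per-source summaries of captured TCP/IP traffic. The field names
# and values are assumptions for illustration, not data from the paper.
FIELDS = ["odd_flag_ratio", "tcp_option_variants", "icmp_probes", "mean_ttl"]
ROWS = [
    [0.00, 1, 0, 64], [0.00, 1, 0, 128],   # ordinary clients
    [0.02, 2, 1, 64], [0.02, 2, 1, 128],
    [0.60, 6, 4, 64], [0.60, 6, 4, 128],   # fingerprinting-like bursts
    [0.70, 7, 5, 64], [0.70, 7, 5, 128],
]

def first_component(rows, iters=200):
    """Loadings of the first principal component (power iteration on the
    correlation matrix of the standardised columns)."""
    n, d = len(rows), len(rows[0])
    mean = [sum(r[j] for r in rows) / n for j in range(d)]
    std = [math.sqrt(sum((r[j] - mean[j]) ** 2 for r in rows) / n) or 1.0
           for j in range(d)]
    z = [[(r[j] - mean[j]) / std[j] for j in range(d)] for r in rows]
    corr = [[sum(x[a] * x[b] for x in z) / n for b in range(d)] for a in range(d)]
    v = [1.0] * d
    for _ in range(iters):
        w = [sum(corr[a][b] * v[b] for b in range(d)) for a in range(d)]
        norm = math.sqrt(sum(x * x for x in w))
        v = [x / norm for x in w]
    return dict(zip(FIELDS, v))

def influential_fields(rows, k=2):
    """Field names ranked by absolute loading on the first component."""
    load = first_component(rows)
    return sorted(load, key=lambda f: -abs(load[f]))[:k]

def ramp(x, lo, hi):
    """Membership rising linearly from 0 at lo to 1 at hi."""
    return min(1.0, max(0.0, (x - lo) / (hi - lo)))

def severity(odd_flag_ratio, icmp_probes):
    """Zero-order Sugeno-style inference: rule strengths weight fixed outputs."""
    high, many = ramp(odd_flag_ratio, 0.1, 0.5), ramp(icmp_probes, 1, 4)
    rules = [
        (min(1 - high, 1 - many), 0.1),  # flags normal AND few probes -> low
        (max(high, many), 0.5),          # either signal raised -> medium
        (min(high, many), 0.9),          # both raised -> high
    ]
    return sum(w * out for w, out in rules) / sum(w for w, _ in rules)

if __name__ == "__main__":
    print(influential_fields(ROWS, 3))
    for row in ROWS[::2]:
        print(row, round(severity(row[0], row[2]), 2))
```

In the constructed rows, `mean_ttl` varies independently of the other three fields, so it receives a near-zero loading and drops out of the ranking.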