A Novel SDN based Stealthy TCP Connection Handover Mechanism for Hybrid Honeypot Systems

Fan, Wenjun and Fernández Cambronero, David (2017). A Novel SDN based Stealthy TCP Connection Handover Mechanism for Hybrid Honeypot Systems. In: "2017 3rd IEEE Conference on Network Softwarization (NetSoft 2017)", 2017/07/03, Bologna, Italy.

Description

Title: A Novel SDN based Stealthy TCP Connection Handover Mechanism for Hybrid Honeypot Systems
Author(s):
  • Fan, Wenjun
  • Fernández Cambronero, David
Document Type: Conference or Workshop Presentation (Article)
Event Title: 2017 3rd IEEE Conference on Network Softwarization (NetSoft 2017)
Event Dates: 2017/07/03
Event Location: Bologna, Italy
Book Title: Proceedings of 2017 3rd IEEE Conference on Network Softwarization
Date: 3 July 2017
Subjects:
Informal Keywords: Honeypots, Cyber Security, Virtualization, SDN, Traffic Redirection, Intrusion Detection
School: E.T.S.I. Telecomunicación (UPM)
Department: Ingeniería de Sistemas Telemáticos [until 2014]
Creative Commons Licenses: None

Abstract

Honeypots have been largely used to capture and investigate malicious behavior through deliberately sacrificing their own resources in order to be attacked. Hybrid honeypot architectures consisting of frontends and backends are widely used in the research area, especially due to the benefits of their high scalability and fidelity for detailed attacking data collection. A hybrid honeypot system often needs a facility aimed to tightly control the network traffic, for purposes such as redirecting the traffic from the frontends to the backends for in-depth attack analysis. However, the current traffic redirection approaches, particularly the TCP connection handover mechanisms, are not stealthy and they can be easily detected by attackers. This paper proposes an SDN based network data controller for hybrid honeypot systems that uses a transparent TCP connection handover mechanism and provides a traffic filtering approach based on the Snort alert functionality. The controller is implemented as an application based on the open-source Ryu SDN framework. It allows the users to configure their own network data control rules, which, based on the Snort alert messages, will forward or redirect the traffic to the corresponding honeypots. The experiments validate the proposed mechanism and the testing results show that the controller can efficiently perform the stealthy TCP connection handover as well.

Associated projects

Type | Code | Acronym | Responsible | Title
Government of Spain | TEC2015-67834-R | Unspecified | Unspecified | GREDOS project
Government of Spain | TEC2015-71932-REDT | Unspecified | Universidad Carlos III | Elastic networks: nuevos paradigmas de redes elasticas para un mundo radicalmente basado en cloud y fog computing

More information

Record ID: 45524
DC Identifier: http://oa.upm.es/45524/
OAI Identifier: oai:oa.upm.es:45524
Deposited by: Wenjun Fan
Deposited on: 20 Apr 2017 05:38
Last Modified: 01 Aug 2017 22:30