A Novel SDN based Stealthy TCP Connection Handover Mechanism for Hybrid Honeypot Systems

Fan, Wenjun and Fernández Cambronero, David (2017). A Novel SDN based Stealthy TCP Connection Handover Mechanism for Hybrid Honeypot Systems. In: "2017 3rd IEEE Conference on Network Softwarization (NetSoft 2017)", 2017/07/03, Bologna, Italy.

Description

Title: A Novel SDN based Stealthy TCP Connection Handover Mechanism for Hybrid Honeypot Systems
Author/s:
  • Fan, Wenjun
  • Fernández Cambronero, David
Item Type: Presentation at Congress or Conference (Article)
Event Title: 2017 3rd IEEE Conference on Network Softwarization (NetSoft 2017)
Event Dates: 2017/07/03
Event Location: Bologna, Italy
Title of Book: Proceedings of 2017 3rd IEEE Conference on Network Softwarization
Date: 3 July 2017
Subjects:
Freetext Keywords: Honeypots, Cyber Security, Virtualization, SDN, Traffic Redirection, Intrusion Detection
Faculty: E.T.S.I. Telecomunicación (UPM)
Department: Ingeniería de Sistemas Telemáticos [hasta 2014]
Creative Commons Licenses: None


Abstract

Honeypots have been largely used to capture and investigate malicious behavior through deliberately sacrificing their own resources in order to be attacked. Hybrid honeypot architectures consisting of frontends and backends are widely used in the research area, especially due to the benefits of their high scalability and fidelity for detailed attacking data collection. A hybrid honeypot system often needs a facility aimed to tightly control the network traffic, for purposes such as redirecting the traffic from the frontends to the backends for in-depth attack analysis. However, the current traffic redirection approaches, particularly the TCP connection handover mechanisms, are not stealthy and they can be easily detected by attackers. This paper proposes an SDN based network data controller for hybrid honeypot systems that uses a transparent TCP connection handover mechanism and provides a traffic filtering approach based on the Snort alert functionality. The controller is implemented as an application based on the open-source Ryu SDN framework. It allows the users to configure their own network data control rules, which based on the Snort alert messages will forward or redirect the traffic to the corresponding honeypots. The experiments validate the proposed mechanism and the testing results show that the controller can efficiently perform the stealthy TCP connection handover as well.

Funding Projects

Type | Code | Acronym | Leader | Title
Government of Spain | TEC2015-67834-R | Unspecified | Unspecified | GREDOS project
Government of Spain | TEC2015-71932-REDT | Unspecified | Universidad Carlos III | Elastic networks: nuevos paradigmas de redes elasticas para un mundo radicalmente basado en cloud y fog computing

More information

Item ID: 45524
DC Identifier: http://oa.upm.es/45524/
OAI Identifier: oai:oa.upm.es:45524
Deposited by: Wenjun Fan
Deposited on: 20 Apr 2017 05:38
Last Modified: 01 Aug 2017 22:30