{"title":"Efficacy Measuring Framework for the Assessment of Dynamic Honeypot","authors":"Vaishali Shirsath, M. Chandane","doi":"10.1109/icac353642.2021.9697296","DOIUrl":null,"url":null,"abstract":"Honeypots are the form of decoys deployed in the network to capture malicious and unauthorized activities, they are also used to observe adversary behavior, tools, and strategies in a variety of ways. However, the effectiveness of the honeypot is only determined when it is breached by the intruder. Unfortunately, implementing and maintaining honeypots is difficult and it is also hard to measure the efficacy that compounds the problems after implementation. There is a need for some processes to determine if honeypot is efficient while it is kept active round-the-clock. This is an active issue since an ineffective honeypot could result in poor efficiency, misrepresentation, or even premature detection by an attacker. As a result, a detailed and in-depth analysis framework for honeypot efficacy has been proposed in this paper, which has hitherto not appeared in much literature, and reveals several important limitations of active honeypot for the organization when it is not required. 
The objective is to determine the decision matrix to assess honeypot's ability to fingerprint, obtain valid adversary data, deceive intruders, and smartly monitor the network environment at an optimum cost.","PeriodicalId":196238,"journal":{"name":"2021 International Conference on Advances in Computing, Communication, and Control (ICAC3)","volume":"22 2 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-12-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 International Conference on Advances in Computing, Communication, and Control (ICAC3)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/icac353642.2021.9697296","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 0
Abstract
Honeypots are a form of decoy deployed in the network to capture malicious and unauthorized activities; they are also used to observe adversary behavior, tools, and strategies in a variety of ways. However, the effectiveness of a honeypot is only determined when it is breached by an intruder. Unfortunately, implementing and maintaining honeypots is difficult, and it is also hard to measure their efficacy, which compounds the problems after implementation. There is a need for some process to determine whether a honeypot is efficient while it is kept active round-the-clock. This is an active issue, since an ineffective honeypot could result in poor efficiency, misrepresentation, or even premature detection by an attacker. As a result, a detailed and in-depth analysis framework for honeypot efficacy is proposed in this paper; such a framework has hitherto not appeared in much literature, and it reveals several important limitations of an active honeypot for the organization when it is not required. The objective is to determine the decision matrix to assess a honeypot's ability to fingerprint, obtain valid adversary data, deceive intruders, and smartly monitor the network environment at an optimum cost.