Flow based containerized honeypot approach for network traffic analysis: An empirical study

IF 13.3 | Zone 1, Computer Science | Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS
Sibi Chakkaravarthy Sethuraman, Tharshith Goud Jadapalli, Devi Priya Vimala Sudhakaran, Saraju P. Mohanty
DOI: 10.1016/j.cosrev.2023.100600
Journal: Computer Science Review
Publication date: 2023-11-01
Publication type: Journal Article
Source: https://www.sciencedirect.com/science/article/pii/S1574013723000679
Citations: 1

Abstract


The world of connected devices has been attributed to applications that relied upon multitude of devices to acquire and distribute data over extremely diverse networks. This caused a plethora of potential threats. In the field of IT security, the concept of digital baits, or honeypots, which are typically network components (computer systems, access points, or switches) launched to be interrogated, savaged, and impacted, is currently popular as it allows scientists to comprehend further on assault patterns and behavior. Combining the inherent modularity with the administration enabled by the container makes security management simple and permits dispersed deployments, resulting in a very dynamic system. This study delivers several contributions in this regard. First, it comprehends the patterns, methods, and malware types that container honeypots deal with thus examining new developments in existing honeypot research to fill gaps in knowledge about the honeypot technology. A broad range of independently initiated and jointly conducted container honeypot strategies and studies that encompass various methodologies is surveyed. Second, using numerous use cases that aid scientific research, we address and investigate a number of challenges pertaining to container honeypots, such as identification problems, honeypot security issues, and dependability issues. Furthermore, based on our extensive honeypot research, we developed VIKRANT, a containerized research honeypot which assists researchers as well as enthusiasts in generating real-time flow data for threat intelligence. The configured approach was monitored resulting in several data points that allowed relevant conclusions about the malevolent users’ activities.

Source journal
Computer Science Review (Computer Science: General Computer Science)
CiteScore: 32.70
Self-citation rate: 0.00%
Publication count: 26
Review time: 51 days
Journal description: Computer Science Review, a publication dedicated to research surveys and expository overviews of open problems in computer science, targets a broad audience within the field seeking comprehensive insights into the latest developments. The journal welcomes articles from various fields as long as their content impacts the advancement of computer science. In particular, articles that review the application of well-known Computer Science methods to other areas are in scope only if these articles advance the fundamental understanding of those methods.