A Security Framework for the Detection of Targeted Attacks Using Honeypot

  • Conference paper
Proceedings of Fifth International Conference on Computer and Communication Technologies (IC3T 2023)

Part of the book series: Lecture Notes in Networks and Systems (LNNS, volume 897)

Abstract

Reliance on the Internet is growing steadily day by day, making connected systems susceptible to various security risks such as code injection, session hijacking, and Denial-of-Service attacks. These attacks threaten the CIA triad, that is, Confidentiality, Integrity, and Availability. As a result, ensuring uninterrupted security has become a demanding undertaking. Of all the options available, a honeypot is one of the best security mechanisms an organization can rely on. It is a decoy system set as a trap so that threat actors believe it is a real system. Studying attackers' tricks and attack vectors enables an understanding of potential security vulnerabilities, allowing measures to be implemented to safeguard assets before any compromise occurs. This work presents the development of a real organizational network on the AWS Cloud, with a focus on enhancing cyber security measures. The network includes an all-in-one honeypot, T-Pot, and vulnerable web servers on one server, while a secure web server and database server are deployed on another. The system aims to detect nine different types of attacks, such as DoS, brute force, and XSS, leveraging the T-Pot framework to analyze attack parameters. The crucial aspect of log monitoring is addressed through AWS CloudWatch, which logs all processes on the connected instances. Additionally, Route 53 health checks are used to analyze traffic levels and implement necessary mitigation strategies. This comprehensive network setup offers a robust defense against potential cyber threats, ensuring the organization's security and enabling proactive measures to safeguard its digital assets. The proposed security framework shows significant results in detecting multiple targeted attacks.

Correspondence to P. Subhash.

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

Cite this paper

Subhash, P., Qayyum, M., Likhitha Varsha, C., Mehernadh, K., Sruthi, J., Nithin, A. (2024). A Security Framework for the Detection of Targeted Attacks Using Honeypot. In: Devi, B.R., Kumar, K., Raju, M., Raju, K.S., Sellathurai, M. (eds) Proceedings of Fifth International Conference on Computer and Communication Technologies. IC3T 2023. Lecture Notes in Networks and Systems, vol 897. Springer, Singapore. https://doi.org/10.1007/978-981-99-9704-6_16
