A computational intelligence enabled honeypot for chasing ghosts in the wires

Naik, Nitin; Jenkins, Paul; Savage, Nick; Yang, Longzhi

doi:10.1007/s40747-020-00209-5

Cited by 17 publications

(10 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…HIHAT adalah contoh aplikasi web honeypot dengan tingkat interaksi yang tinggi. HIHAT mengubah aplikasi PHP menjadi honeypot dengan interaksi tinggi [12]. Gambar 1.…”

Section: High Interaction Honeypot (Hih)unclassified

Implementasi HoneyPy Dengan Malicious Traffic Detection System (Maltrail) Menggunakan Analisis Deskriptif Guna Untuk Mendeteksi Serangan DDOS Pada Server

Alfidzar¹,

Zen²

2022

INISTA

View full text Add to dashboard Cite

Pada era sekarang ini, masih banyak serangan terhadap server yang membuat server akan mengalami kerusakan sistem operasi. Contoh yang sering ditemukan adalah serangan DoS. Dalam pencegahan, diperlukan keamanan atau referensi untuk mendukung keamanan server. Keamanan terhadap jaringan dan server merupakan hal yang sangat penting, karena sudah banyak serangan dilakukan oleh pihak yang tidak bertanggungjawab. Sehingga diperlukan suatu penanganan yang dapat menganalisis serangan terhadap beberapa ancaman. HoneyPy dengan Maltrail merupakan aplikasi yang bersifat open source yang bisa digunakan untuk metode pembuktian pada penelitian. Terdapat CentOs yang digunakan sebagai server tambahan dan Linux Mint sebagai server utama. Serangan-serangan yang dilakukan pada penelitian ini dilakukan oleh peneliti sendiri pada server menggunakan serangan DoS. Data yang dikumpulkan dari maltrail sudah dianalisis menggunakan analisis deskriptif, hasil penelitian ini yaitu HoneyPy dengan Maltrail mampu menjadi tolak ukur untuk digunakan sebagai peningkatan keamanan pada serangan di bagian server. Berdasarkan pengujian didapatkan bahwa hasil berupa lima laporan didapatkan tiga threats, enam events, severity terdeteksi low dan medium, satu sumber ancaman pada sources, dan empat trails.

show abstract

“…HIHAT adalah contoh aplikasi web honeypot dengan tingkat interaksi yang tinggi. HIHAT mengubah aplikasi PHP menjadi honeypot dengan interaksi tinggi [12]. Gambar 1.…”

Section: High Interaction Honeypot (Hih)unclassified

Implementasi HoneyPy Dengan Malicious Traffic Detection System (Maltrail) Menggunakan Analisis Deskriptif Guna Untuk Mendeteksi Serangan DDOS Pada Server

Alfidzar¹,

Zen²

2022

INISTA

View full text Add to dashboard Cite

show abstract

“…Naik et al [65], proposed a computational intelligence honeypot system that was capable of predicting and discovering the attempted fingerprinting attack. The proposed intelligent system used two approaches Principal Component Analysis which was used to select the most important features for the prediction, and Fuzzy Inference System (FIS) which was used to correctly correlate the selected features by the Principal Component Analysis.…”

Section: Network Intrusionmentioning

confidence: 99%

The impacts of artificial intelligence techniques in augmentation of cybersecurity: a comprehensive review

Naik

Mehta

Yagnik³

et al. 2021

Complex Intell. Syst.

View full text Add to dashboard Cite

Given the prevailing state of cybersecurity, it is reasonable to understand why cybersecurity experts are seriously considering artificial intelligence as a potential field that can aid improvements in conventional cybersecurity techniques. Various progressions in the field of technology have helped to mitigate some of the issues relating to cybersecurity. These advancements can be manifested by Big Data, Blockchain technology, Behavioral Analytics, to name but a few. The paper overviews the effects of applications of these technologies in cybersecurity. The central purpose of the paper is to review the application of AI techniques in analyzing, detecting, and fighting various cyberattacks. The effects of the implementation of conditionally classified “distributed” AI methods and conveniently classified “compact” AI methods on different cyber threats have been reviewed. Furthermore, the future scope and challenges of using such techniques in cybersecurity, are discussed. Finally, conclusions have been drawn in terms of evaluating the employment of different AI advancements in improving cybersecurity.

show abstract

“…Forensic analysis of malware requires a thorough knowledge of the degree of similarity between known malware and inert files to assess files for their threat potential. This is especially important when considering the analysis and clustering of suspected malware in order to discover new variants [19]. As a result, the use of the similarity preserving property of fuzzy hashing is useful in malware analysis while comparing unknown files with known malware families, where samples possess similar functionality, yet different cryptographic hash values [2].…”

Section: B Fuzzy Hashingmentioning

confidence: 99%

Fuzzy Hashing Aided Enhanced YARA Rules for Malware Triaging

Naik

Jenkins

Savage

et al. 2020

2020 IEEE Symposium Series on Computational Intelligence (SSCI)

Self Cite

View full text Add to dashboard Cite

Cybercriminals are becoming more sophisticated wearing a mask of anonymity and unleashing more destructive malware on a daily basis. The biggest challenge is coping with the abundance of malware created and filtering targeted samples of destructive malware for further investigation and analysis whilst discarding any inert samples, thus optimising the analysis by saving time, effort and resources. The most common technique is malware triaging to separate likely malware and unlikely malware samples. One such triaging technique is YARA rules, commonly used to detect and classify malware based on string and pattern matching, rules are triggered and alerted when their condition is satisfied. This pattern matching technique used by YARA rules and its detection rate can be improved in several ways, however, it can lead to bulky and complex rules that affect the performance of YARA rules. This paper proposes a fuzzy hashing aided enhanced YARA rules to improve the detection rate of YARA rules without significantly increasing the complexity and overheads inherent in the process. This proposed approach only uses an additional fuzzy hashing alongside basic YARA rules to complement each other, so that when one method cannot detect a match, then the other technique can. This work employs three triaging methods fuzzy hashing, import hashing and YARA rules to perform extensive experiments on the collected malware samples. The detection rate of enhanced YARA rules is compared against the detection rate of the employed triaging methods to demonstrate the improvement in the overall triaging results.

show abstract

A computational intelligence enabled honeypot for chasing ghosts in the wires

Cited by 17 publications

References 25 publications

Implementasi HoneyPy Dengan Malicious Traffic Detection System (Maltrail) Menggunakan Analisis Deskriptif Guna Untuk Mendeteksi Serangan DDOS Pada Server

Implementasi HoneyPy Dengan Malicious Traffic Detection System (Maltrail) Menggunakan Analisis Deskriptif Guna Untuk Mendeteksi Serangan DDOS Pada Server

The impacts of artificial intelligence techniques in augmentation of cybersecurity: a comprehensive review

Fuzzy Hashing Aided Enhanced YARA Rules for Malware Triaging

Contact Info

Product

Resources

About