|
Descripción
|
|
|---|---|
| Honeypots have been largely used to capture and investigate malicious behavior through deliberately sacrificing their own resource to be attacked. Specially, owing to the benefits of high scalability and fidelity for both scalable and detailed attacking data collection, the hybrid honeypot architecture consisting of frontends and backends is widely used in the research area. A hybrid honeypot system often needs a facility aimed to control the network traffic for some purposes, such as redirecting the traffic from the frontend to the backend for in-depth attack analysis. However, the current traffic redirection approaches, particularly the TCP connection handover mechanism, are not stealthy and can be detected easily. So, this paper proposed a new network data controller for hybrid honeypot system. This controller is an application based on the open-source Ryu SDN framework. It facilitates the transparent TCP connection handover mechanism, and the traffic filtering approach based on the Snort alert function. The controller application allows the users to configure their own network data control rules, so that the application will then, according to the Snort alert message, forward /redirect the traffic to the corresponding honeypot. The experiments validate the functionality and the testing results show that the controller can efficiently perform the stealthy TCP connection handover as well. | |
|
Internacional
|
Si |
|
Nombre congreso
|
3rd IEEE Conference on Network Softwarization (IEEE NetSoft 2017) |
|
Tipo de participación
|
960 |
|
Lugar del congreso
|
Bolonia, Italia |
|
Revisores
|
Si |
|
ISBN o ISSN
|
|
|
DOI
|
|
|
Fecha inicio congreso
|
03/07/2017 |
|
Fecha fin congreso
|
05/07/2017 |
|
Desde la página
|
|
|
Hasta la página
|
|
|
Título de las actas
|
Proceedings of the 3rd IEEE Conference on Network Softwarization (IEEE NetSoft 2017) |