Applied Sciences  /  Vol: 12 Par: 10 (2022)

A Comparison of an Adaptive Self-Guarded Honeypot with Conventional Honeypots

Sereysethy Touch and Jean-Noël Colin    

Abstract

To proactively defend computer systems against cyber-attacks, a honeypot system, purposely designed to be prone to attacks, is commonly used to detect attacks and to discover new vulnerabilities, exploits or malware before they do real damage to real systems. Its usefulness lies in being able to operate without being identified as a trap by adversaries; otherwise, its value is significantly reduced. Honeypots are commonly classified by the degree of interaction that they provide to the attacker: low, medium and high-interaction honeypots. However, these systems have some shortcomings of their own. First, low and medium-interaction honeypots can be easily detected due to their limited and simulated system functions. Second, the usage of real systems in high-interaction honeypots carries a high risk of security being compromised due to their unlimited functions. To address these problems, we developed Asgard, an adaptive self-guarded honeypot, which leverages reinforcement learning to learn and record the attacker's tools and behaviour while protecting itself from being deeply compromised. In this paper, we compare Asgard and its variant Midgard with two conventional SSH honeypots: Cowrie and a real Linux system. The goal of the paper is (1) to demonstrate the effectiveness of the adaptive honeypot, which can learn to compromise between collecting attack data and keeping the honeypot safe, and (2) to show the benefit of coupling the environment state and the action in reinforcement learning to define the reward function so that it effectively learns its objectives. The experimental results show that Asgard could collect higher-quality attacker data compared to Cowrie while evading detection, and could also protect the system for as long as it can by blocking or substituting malicious programs and some other commands, which addresses the major problem of the high-interaction honeypot.
