Abstract
Reliance on the Internet is growing steadily day by day, leaving connected systems susceptible to various security risks such as code injection, session hijacking, and Denial-of-Service attacks. These attacks threaten the CIA triad, that is, Confidentiality, Integrity, and Availability. As a result, ensuring uninterrupted security has become a demanding undertaking. Of all the options available, a honeypot is one of the best security mechanisms an organization can rely on. It is a system that acts as a trap, leading threat actors to believe it is a real system. Studying attackers' tricks and attack vectors enables an understanding of potential security vulnerabilities, allowing measures to be implemented to safeguard assets before any compromise occurs. This work presents the development of a real organizational network on the AWS Cloud, with a focus on enhancing cyber security measures. The network includes an all-in-one honeypot, T-Pot, and vulnerable web servers on one server, while a secure web server and database server are deployed on another. The system aims to detect nine different types of attacks, such as DoS, brute force, and XSS, leveraging the T-Pot framework to analyze attack parameters. The crucial aspect of log monitoring is addressed through AWS CloudWatch, which logs all processes on the connected instances. Additionally, Route 53 health checks are used to analyze traffic levels and implement necessary mitigation strategies. This comprehensive network setup offers a robust defense against potential cyber threats, ensuring the organization's security and enabling proactive measures to safeguard its digital assets. The proposed security framework exhibits significant results in detecting multiple targeted attacks.
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Subhash, P., Qayyum, M., Likhitha Varsha, C., Mehernadh, K., Sruthi, J., Nithin, A. (2024). A Security Framework for the Detection of Targeted Attacks Using Honeypot. In: Devi, B.R., Kumar, K., Raju, M., Raju, K.S., Sellathurai, M. (eds) Proceedings of Fifth International Conference on Computer and Communication Technologies. IC3T 2023. Lecture Notes in Networks and Systems, vol 897. Springer, Singapore. https://doi.org/10.1007/978-981-99-9704-6_16
DOI: https://doi.org/10.1007/978-981-99-9704-6_16
Publisher Name: Springer, Singapore
Print ISBN: 978-981-99-9703-9
Online ISBN: 978-981-99-9704-6
eBook Packages: Intelligent Technologies and Robotics (R0)