Work place: Amity Institute of Information Technology (AIIT), Amity, Noida, Uttar Pradesh, Pin 201303, India
Laxmi Ahuja Ph.D. (CSE) working as Professor in Amity Institute of Information Technology as Dy. Director and have 21 years of enriched experience Her areas of interest include Soft Computing Approaches, Data Mining, Search Engine. She is supervising Eight research candidates and guided five Ph.D. Candidates in the past. She published more than 100 research papers in National and International Conferences and Journals in SCOPUS Impact Factor Journals like Springer, Inderscience, Elsevier and several others. She has successfully filed number of patents under domain of Information Technology as an Inventor, which has been published in "International Journal of Patents" by Patent Department, Govt. of India. Her Major interest lies in Soft Computing Approaches, Data Mining, Search Engine. Her ORCID ID: https://orcid.org/0000-0002-4486-3081.
DOI: https://doi.org/10.5815/ijitcs.2023.05.04, Pub. Date: 8 Oct. 2023
Bluff and truth are major pillars of deception technology. Deception technology majorly relies on decoy-generated data and looks for any behavior deviation to flag that interaction as an attack or not. But at times a legitimate user can also do suspicious decoy interactions due to lack of knowledge and can be categorized under the “ATTACK” category which in a true sense should not be flagged that way. Hence, there is a need of doing collaborative analysis on honeypot, which are set up to monitor and log activities of sources that compromise or probe them. This goldmine provides ample information about the attacker intent and target, how it is moving forward in the kill chain as this information can be used to enhance threat intelligence and upgrade behaviors analysis rules.
In this paper, decoys which are strategically placed in the network pointing to various databases, services, and Ips are used providing information of interactions made. This data is analyzed to understand underlying facts which can help in strengthening defense strategy, it also enhances confidence on the findings as analysis is not restricted to single decoy interaction which could be false positive or un-intentional in nature but analyzing holistically to conclude on the exact attack patten and progression. With experiment we have highlighted is reconciling various honeypots data and weighing IP visits and Honeypot interaction counts against scores and then using KNN and Weightage KNN to derive inclination of target IP against Source IP which can also be summarized as direction of Attack and count/frequency of interaction from highlights criticality of the interactions. Used KNN and W-KNN have shown approx. 94% accuracy which is best in class, also silhouette score highlighted high cohesion of data points in the experiment. Moreover, this was also analyzed that increasing the number of decoys in the analysis helps in getting better confidence on attack probability and direction.
Subscribe to receive issue release notifications and newsletters from MECS Press journals