Work place: Bhairab Ganguly College, Kolkata, West Bengal, India
E-mail: subhranil.som@gmail.com
Research Interests: IoT
Biography
Subhranil Som has 18 years of experience and currently works as Principal at Bhairab Ganguly College, Kolkata, India. His research interests lie in cybersecurity, IoT, encryption techniques and quantum computing. He has filed 4 patents and published over 60 research papers in reputed journals and conferences. He has also authored two books and acted as chair, reviewer and technical program committee member of different international and national conferences in India and abroad. His major interests: cybersecurity, IoT, encryption techniques and quantum computing. His ORCID ID: https://orcid.org/0000-0002-1454-7141.
By Jalaj Pateria, Laxmi Ahuja, Subhranil Som, Ashish Seth
DOI: https://doi.org/10.5815/ijitcs.2023.05.04, Pub. Date: 8 Oct. 2023
Bluff and truth are the major pillars of deception technology. Deception technology relies largely on decoy-generated data and looks for any behavior deviation to decide whether to flag an interaction as an attack. But at times a legitimate user can also interact with a decoy in a suspicious way due to lack of knowledge and be categorized under the “ATTACK” category, when in a true sense that interaction should not be flagged that way. Hence, there is a need for collaborative analysis of honeypots, which are set up to monitor and log the activities of sources that compromise or probe them. This goldmine provides ample information about the attacker's intent and target and how the attacker is moving forward in the kill chain; this information can be used to enhance threat intelligence and upgrade behavior analysis rules.
In this paper, decoys that are strategically placed in the network and point to various databases, services, and IPs are used to provide information on the interactions made. This data is analyzed to understand underlying facts that can help in strengthening defense strategy. It also increases confidence in the findings, as the analysis is not restricted to a single decoy interaction, which could be a false positive or unintentional in nature, but looks holistically to conclude on the exact attack pattern and progression. The experiment reconciles data from various honeypots, weighs IP visits and honeypot interaction counts against scores, and then uses KNN and Weightage KNN to derive the inclination of the target IP against the source IP, which can also be summarized as the direction of attack, while the count/frequency of interaction highlights the criticality of the interactions. The KNN and W-KNN used have shown approx. 94% accuracy, which is best in class; the silhouette score also highlighted high cohesion of data points in the experiment. Moreover, the analysis also showed that increasing the number of decoys in the analysis helps in getting better confidence in attack probability and direction.