SoftSwitch: a centralized honeypot-based security approach using software-defined switching for secure management of VLAN networks

Honeypot systems are traps for intruders which simulate real systems such as web, application, and database servers used in information systems. Using these systems, unauthorized and malicious access can be efficiently detected. A honeypot is an entity which acts as a source of valued information and whose behavior can be monitored. The inability or difficulty of intrusion detection is a serious security problem in networks, including virtual local area networks (VLANs). According to the literature, the use of honeypots for intrusion detection and prevention in networks including VLANs is strongly recommended.

In this paper, in order to provide security and to detect unauthorized and malicious access to the VLAN, a centralized honeypot-based approach with software-defined switching is proposed. With the developed and proposed honeypot-based intrusion detection and prevention approach, a reduction in false alarms, network traffic, and cybersecurity cost, as well as centralized control, was provided. The proposed system has been run in the GNS3 simulation software, and successful results have been obtained by reducing the false alarm level, network traffic, and cybersecurity cost. The numerical results of the attacks that were detected based on the port and protocol using SoftSwitch are detailed in the performance evaluation subsection.
