Free English article on assessing the threat level of attacks on a hybrid SSH honeynet – Elsevier 2020


Article details
Title (translated from Persian): Expert system assesses the threat level of attacks on a hybrid SSH honeynet
English title: Expert system assessing threat level of attacks on a hybrid SSH honeynet
Publication year: 2020
Length of the English article: 19 pages
Download cost of the English article: free
Publisher database: Elsevier
Article type: Research Article
Base article: this article is a base article
Index: Scopus – Master Journals List – JCR
Article category: ISI
Format of the English article: PDF
Impact factor (IF): 4.337 in 2019
H-index: 77 in 2020
SJR: 0.667 in 2019
ISSN: 0167-4048
Quartile: Q1 in 2019
Conceptual model: none
Questionnaire: none
Variables: none
References: yes
Related fields: Computer
Related specializations: hardware engineering, software engineering, artificial intelligence, information security
Presentation type: Journal
Journal: Computers & Security
University: Department of Informatics and Computers, Faculty of Science, University of Ostrava, 30. dubna 22, 701 03 Ostrava, Czech Republic
Keywords (translated from Persian): honeynet, medium interaction, high interaction, hybrid honeypot, expert system, SSH, classification, transparent redirection
English keywords: Honeypot, Medium interaction, High interaction, Hybrid honeynet, Expert system, SSH, Classification, Transparent redirection
DOI: https://doi.org/10.1016/j.cose.2020.101784
Product code: E14690
Translation status: a ready-made translation of this article is not available.

 

Table of contents:
Abstract

1- Introduction

2- Honeypot & honeynet background

3- Related works

4- Concept of the proposed hybrid honeynet

5- Implementation of the honeynet

6- Testing of the expert system using data gathered by honeynet

7- Results and further development

8- Conclusions

References

Excerpt from the article:

Abstract

Currently, many systems connected to the internet are exposed to hundreds of mostly automated network attacks on a daily basis. These are mostly very simple attacks originating from botnets. However, sophisticated attacks conducted both by automated systems and directly by humans are becoming more common. In order to develop adequate countermeasures, the behaviour of attackers has to be analysed effectively. Honeypots, a sort of lure for attacks, are used for that purpose. The configuration of honeypots varies depending on the type of attacks they focus on attracting. For simple, analogous attacks that sequentially repeat predefined commands, medium interaction honeypots are sufficient, while more sophisticated attacks require the use of high interaction honeypots. An essential part of the analysis is to differentiate between these types of attacks to make the overall analysis efficient, in terms of efficient use of hardware resources, and effective by providing the attacker with an appropriately emulated environment. This article first analyses the current situation and then presents a solution in the form of a system made up of a hybrid honeynet and an expert system. For now, it focuses only on the SSH protocol, as it is widely used for remote system access and is a popular target of attacks. The system has been tested on real data collected over a one-year period. The article also deals with making the redirection of SSH connections as transparent as possible.

Introduction

Cybersecurity is one of the most dynamic areas of commercial, academic, scientific, and even personal life. Therefore, to be able to react to both existing and new threats effectively, it is necessary to gain awareness of what threats are currently spreading and what their destination and target are. To gather the data, honeypots, and logical networks of honeypots known as honeynets, are used. The subject of this paper is to propose an expert system made to effectively classify the source of the connection as either a simple or a sophisticated attacker. A simple attacker is typically a bot or an unskilled human attacker only executing a sequence of predefined, repeating commands, or it is a script-kiddie analysing the system and attempting to draw attention to itself. On the other hand, a sophisticated attacker, whether human or advanced malware, reacts to the situation dynamically. The honeynet is comprised of systems emulating the SSH protocol, on network port 22 by default, which is among the most popular means of remote access to a Linux shell; administrators use it to manage remote systems or networks. However, it can also be used by an attacker. The SSH protocol was selected as it is among the most attacked protocols, according to the following reports: F-Secure Attack landscape H2 2018 and Akamai – The State of the Internet Q4 2014. Also, the activity and artefacts left behind by an attacker using an SSH connection, such as inputted commands or the SSH client used, are analytically useful. To discern and record the practices of attackers, mainly medium interaction honeypots were used, namely Cowrie. The Cowrie honeypot emulates a Linux shell and many of the basic Linux operating system programs, such as wget or SCP.
