Discovering Hackers by Stealth: Predicting Fingerprinting Attacks on Honeypot Systems

摘要

Cybersecurity is becoming increasingly challenging due to escalating security attacks on networks. A honeypot system is an effective entrapment mechanism for collecting information about these attacks and attackers. Nonetheless, one of the biggest risks to the honeypot system is the possibility of being fingerprinted by an attacker. As a consequence of the fingerprinting, the identity of the honeypot system could be revealed or it could be transformed into a bot to attack others. Several efficacious methods are proposed to fingerprint the honeypot system or to prevent it. However, there is no method available that can identify and predict fingerprinting in real-time, to save the honeypot system. Therefore, this paper proposes a technique to identify and predict fingerprinting attacks on the honeypot system in real-time. This technique is based on the fingerprinting process which necessitates a series of events by the attacker and by analysing these events contemporaneously, it is feasible to identify and predict the fingerprinting attack on the honeypot system. For the development of this technique, a popular honeypot tool KFSensor and fingerprinting tools Nmap and Xprobe2 are utilised to collect fingerprint data relating to the honeypot system. This data is analysed to detect the various attack techniques used by popular fingerprinting tools to propose a solution.