Abstract

The dynamic fuzzy rule interpolation (D-FRI) technique delivers a dynamic rule base through the utilisation of fuzzy rule interpolation to infer more accurate results for a given application problem. The dynamic rule base offered by D-FRI is very useful in security areas where network conditions are always volatile and require the most up-to-date rule base. A honeypot is a vital part of any security infrastructure for directly investigating attacks and attackers in real time to strengthen the overall security of the network. However, a honeypot, as a concealed system, can only function successfully while its identity is not revealed to any attackers. Attackers always attempt to uncover such honeypots to avoid any trap and strengthen their attacks. An active fingerprinting attack is used to detect these honeypots by injecting purposefully designed traffic into a network. Such an attack can be prevented by controlling the traffic, but this makes the honeypot an unusable system if its interaction with the outside world is limited. Alternatively, it is practically more useful if this fingerprinting attack is detected in real time, to manage its immediate consequences and protect the honeypot. This article offers an approach to building a cognizant honeypot for detecting active fingerprinting attacks through the utilisation of the established D-FRI technique. It is based on the use of just a sparse rule base while remaining capable of detecting active fingerprinting attacks when the system does not find any matching rules. Also, it learns from current network conditions and offers a dynamic rule base to facilitate more accurate and efficient detection.

Highlights

  • Fuzzy rule-based inference offers an established mechanism for inferring outcomes given certain observations in the development of many intelligent systems

  • This paper offers an approach to building a cognizant honeypot for detecting active fingerprinting attacks through the utilisation of the established dynamic fuzzy rule interpolation (D-FRI) technique

  • Three different experiments are performed for the cognizant honeypot to evaluate its detection efficiency by employing the fuzzy inference system, the standard transformation-based FRI system and the D-FRI system respectively

Summary

INTRODUCTION

Fuzzy rule-based inference offers an established mechanism for inferring outcomes given certain observations in the development of many intelligent systems. The employment of a dynamic rule base derived from D-FRI offers a range of real benefits for security applications, because it lets the inference take the concurrent traffic conditions into account. It has been successfully exploited in several security areas such as D-FRI-Snort (Naik, Diao, & Shen 2016), D-FRI-WinFirewall (Naik, Diao, Shang, Shen, & Jenkins 2017), ID-Honeypot (Naik, Shang, Shen, & Jenkins 2018a) and VD-Honeypot (Naik, Shang, Shen, & Jenkins 2018b). The D-FRI based honeypot can detect active fingerprinting attacks utilising the sparse rule base under both conditions: when it finds matching rule(s) and when it does not. It provides the most up-to-date rule base to avoid interpolation overheads as much as possible and, at the same time, to enable the production of an outcome even if no matching rule is found.

BACKGROUND
Honeypots
Fingerprinting
Detecting Malicious TCP Flags
Detecting Malicious TCP Options
Detecting Malicious ICMP Requests
Detecting Malicious UDP Requests
Fuzzy Inference System
D-FRI System for Cognizant Honeypot
EXPERIMENTAL RESULTS
Experimental Results Using Fuzzy Inference System Alone
Experimental Results Using Standard FRI System
Experimental Results Using D-FRI System
Accuracy of Dynamic Rules
LIMITATIONS
CONCLUSION