Abstract
A honeypot is a well-known entrapment technique used by network and Internet of Things (IoT) security professionals to lure intruders. Unlike traditional security measures, they can capture information in real time from the attacker about how they are attacking. A network firewall protects Internet servers from unwanted and malicious traffic. Detecting ransomware with existing security systems such as IDPS (Intrusion Detection and Protection System) and AV (Antivirus) is difficult and time-consuming. In this paper, a novel hybrid Honeynet deployed in Docker for detecting attacker behavior with Tuning Of fiRewall (H-DOCTOR) has been proposed. The proposed H-DOCTOR technique comprises both low interaction and high interaction honeypot to attract the malicious attacker and to analyze the behavioral patterns. This is a form of bait, designed to detect or block attacks, or to divert an attacker's attention away from the legitimate services and tune the firewall. The proposed H-DOCTOR method identify ransomware activity, attack trends, and timely decision-making through the use of an effective rule and tunes the firewall. The proposed H-DOCTOR framework is compared with existing methods such as HyInt,IDS and honeypot-based IDS. The proposed system achieves higher accuracy of 86% and the existing system such as HyInt,IDS and honeypot-based IDS achieves 73.25%, 76.75% and 81.25%.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.