Work place: Amity Institute of Information Technology (AIIT), Amity, Noida, Uttar Pradesh, Pin 201303, India
Research Interests: Machine Learning
Jalaj Pateria (Corresponding Author) is pursuing a PhD in Information Technology at Amity Institute of Information Technology, Uttar Pradesh, India. He works as an Enterprise Architect with an MNC and has 18 years of IT industry experience. He has published 4 research papers and has filed 1 patent. His research interests lie in Machine Learning, Explainable AI (XAI), Deep Learning, Sentiment Analysis, Digital Twins, AR/VR and Automated Reasoning. His ORCID ID: https://orcid.org/0000-0003-3760-6439
DOI: https://doi.org/10.5815/ijitcs.2023.05.04, Pub. Date: 8 Oct. 2023
Bluff and truth are the major pillars of deception technology. Deception technology relies largely on decoy-generated data and looks for behavioral deviations to decide whether an interaction should be flagged as an attack. At times, however, a legitimate user can also make suspicious decoy interactions through lack of knowledge and be placed in the “ATTACK” category when, in a true sense, it should not be flagged that way. Hence there is a need for collaborative analysis across honeypots, which are set up to monitor and log the activities of sources that probe or compromise them. This goldmine provides ample information about the attacker's intent and target and about how the attacker is moving forward in the kill chain; this information can be used to enhance threat intelligence and upgrade behavior-analysis rules.
In this paper, decoys that are strategically placed in the network, pointing to various databases, services and IPs, are used to provide information about the interactions made with them. This data is analyzed to understand the underlying facts, which can help in strengthening the defense strategy; it also raises confidence in the findings, because the analysis is not restricted to a single decoy interaction, which could be a false positive or unintentional in nature, but looks at the decoys holistically to conclude on the exact attack pattern and its progression. The experiment we highlight reconciles data from various honeypots, weighs IP visits and honeypot interaction counts against scores, and then uses KNN and weighted KNN (W-KNN) to derive the inclination of a target IP against a source IP, which can also be summarized as the direction of attack; the count/frequency of interactions highlights the criticality of those interactions. The KNN and W-KNN used have shown approximately 94% accuracy, which is best in class, and the silhouette score highlighted high cohesion of the data points in the experiment. Moreover, the analysis also showed that increasing the number of decoys in the analysis helps in obtaining better confidence on attack probability and direction.
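As an added illustration of the reconciliation and KNN/W-KNN step described in the abstract (constructed example, not the paper's data or code), the snippet below merges interaction logs from several decoys into one per-source vector and then classifies unlabeled sources with plain KNN (majority vote) and W-KNN (inverse-distance weighted vote). The decoy names, IP addresses, counts, labels and the choice of inverse-distance weighting are all assumptions made for this example.

```python
from collections import defaultdict
from math import sqrt

# Constructed decoy interaction log (illustrative, not the paper's data):
# (source_ip, decoy_name, interaction_count)
LOG = [
    ("10.1.1.5", "db-decoy", 1),
    ("10.1.1.6", "ssh-decoy", 2),
    ("10.1.1.7", "db-decoy", 2),
    ("10.1.1.8", "ip-decoy", 1),
    ("10.1.1.20", "db-decoy", 6), ("10.1.1.20", "ssh-decoy", 4), ("10.1.1.20", "ip-decoy", 3),
    ("10.1.1.21", "db-decoy", 8), ("10.1.1.21", "ssh-decoy", 2), ("10.1.1.21", "ip-decoy", 5),
    ("10.1.1.22", "db-decoy", 5), ("10.1.1.22", "ssh-decoy", 5), ("10.1.1.22", "ip-decoy", 4),
    ("10.1.1.23", "db-decoy", 3), ("10.1.1.23", "ssh-decoy", 3),
]
# Analyst-assigned labels for the reviewed sources (constructed).
LABELS = {"10.1.1.5": "benign", "10.1.1.6": "benign", "10.1.1.7": "benign", "10.1.1.8": "benign",
          "10.1.1.20": "attack", "10.1.1.21": "attack", "10.1.1.22": "attack", "10.1.1.23": "attack"}
DECOYS = ("db-decoy", "ssh-decoy", "ip-decoy")

def feature_vectors(log):
    """Reconcile all decoy logs into one per-source vector of interaction counts."""
    counts = defaultdict(lambda: [0] * len(DECOYS))
    for src, decoy, n in log:
        counts[src][DECOYS.index(decoy)] += n
    return dict(counts)

def euclid(a, b):
    return sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def knn(query, train, k=3, weighted=False):
    """Plain KNN = majority vote; W-KNN = each neighbor votes with weight 1/distance."""
    nearest = sorted(train, key=lambda item: euclid(query, item[0]))[:k]
    votes = defaultdict(float)
    for vec, label in nearest:
        votes[label] += 1 / max(euclid(query, vec), 1e-9) if weighted else 1
    return max(votes, key=votes.get)

def classify_sources(new_log, k=3):
    """Return {source_ip: (knn_label, wknn_label)} for every source in new_log."""
    train = [(vec, LABELS[src]) for src, vec in feature_vectors(LOG).items()]
    return {src: (knn(vec, train, k), knn(vec, train, k, weighted=True))
            for src, vec in feature_vectors(new_log).items()}

# Constructed unlabeled interactions to score.
NEW_LOG = [
    ("192.0.2.10", "db-decoy", 3), ("192.0.2.10", "ssh-decoy", 2),  # two decoys, sustained
    ("192.0.2.11", "ssh-decoy", 1),                                 # single accidental touch
]

if __name__ == "__main__":
    for src, (plain, weighted) in classify_sources(NEW_LOG).items():
        print(f"{src}: KNN={plain} W-KNN={weighted}")
```

For 192.0.2.10 the two schemes disagree: the majority of its three nearest neighbors are single-decoy benign sources, but its closest neighbor is a multi-decoy attacker, so the distance weighting tips W-KNN to "attack".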