An adaptive honeypot using Q-Learning with severity analyzer
Published in: | Journal of ambient intelligence and humanized computing 2022-10, Vol.13 (10), p.4865-4876 |
---|---|
Main authors: | , , , , , , |
Format: | Article |
Language: | eng |
Keywords: | |
Online access: | Full text |
Summary: | In this paper, a honeypot system has been presented, which conducts a severity analysis of the adversaries who attack it. The Honeypot systems are deployed by various organizations to protect their real systems from external threats. They consist of fake file-systems that remain aloof from the attackers. Honeypots gather logs of the attacks to protect the genuine systems from attackers. However, attackers also deploy honeypot detection tools. To defer detection from the attackers, a Q-learning based on an SSH-based honeypot named Cowrie has been implemented to make it adaptive and obtain as much information as possible about the intruder. Severity analysis has been implemented to classify attacks based on their severity. This can be used by real systems to enhance their firewalls, Intrusion Detection Systems, and other security mechanisms against these threats. |
---|---|
ISSN: | 1868-5137 1868-5145 |
DOI: | 10.1007/s12652-021-03229-2 |