Class: ITS 834 Emerging Threats and Countermeasures
Assignment: Research Paper I (Final)

Introduction

Honeypot computing technology has been deployed for decades because of its success in securing computer systems and websites. In literal terms, a honeypot is a computer-integrated decoy designed to lure malicious attackers such as hacktivists, either by deflecting them from legitimate targets or by attracting them somewhere else, and to aid in gathering crucial information about attackers. A honeypot mimics the potential target sites of attackers to provide an avenue for gathering crucial information that could help to bolster cyber system security. Nawrocki et al. (2016) suggest checking whether it contains any production data as the easiest way to detect any hacking attempt. A honeypot is configured with preconceived vulnerabilities that serve as bait for potential attackers. The technique is popular with most large IT companies. In 2015, for instance, Norton developed honeypots as a strategy for gaining insight into attacks that targeted devices relying on the Internet of Things, such as mobile phones and routers. A trend of burgeoning attacks on honeypots in the recent past underlines the significance of the technique and its usefulness in gathering crucial intelligence and neutralizing risks of attack. The use of honeypots still has a long way to go. The purpose of this literature review is to discuss various types of honeypots and evaluate suggestions for fostering best practice in the use of honeypot computing.

Breakdown of Types of Honeypots

According to Baykara & Das (2018), the effectiveness of a honeypot hinges on the nature of the threats anticipated, primarily the level of sophistication of the threat and the level of expertise of the attackers. The most common type is the pure honeypot, which is essentially a physical server that features integrated special monitoring software whose primary goal is to keep watch over any emerging connections between the honeypot and the internet.
Pure honeypots are typically fully-fledged systems, but Cheng, Liu, & Yao (2017) warn that more experienced hackers could bypass the system and could use them as platforms for staging attacks. The current literature does not suggest strategies for overcoming this unfortunate possibility. A high-interaction honeypot, on the other hand, is a more active full-fledged type. It deploys virtual machines to monitor and isolate potential threats by shutting down and restarting systems to a recent pristine state. The last type, the low-interaction honeypot, is a modification of the latter, except that it uses fewer common attack vectors. In its support, Bushby (2019) argues that a low-interaction honeypot uses fewer resources. A comparative study is lacking to offer insight on the contexts under which each could be more effective. Such a study could provide technical insight to guide selection, along with other information that could inform best practices.

Honeypots as a Tool for Detecting DDoS Attacks

With the growing advancement of technology, computer wizards continue to invent creative ways to use it to solve most problems. Multilevel distributed denial of service (DDoS) is known to cause network delays by wasting bandwidth and creating overhead traffic. Selvaraj, Kuthadi, & Marwala (2016) suggest an ant-based DDoS detection technique, which typically uses roaming virtual honeypots to overcome the problem. For this to work, Selvaraj, Kuthadi, & Marwala (2016) propose fitting a multilevel secured architecture with a roaming technique to gather information on various attacks occurring at various points of the internet. To fully recognize each kind of attack, Mahajan, Adagale, & Sahare (2016) argue that one should look at the type of pheromone deposited on the predesigned areas.
Once the affected area is properly identified, the relevant information is then sent to the multilevel system described previously to prevent harm from spreading further to the honeypot, as that could affect its efficiency. This is certainly a more effective way to ensure prolific utilization of the honeypot, in a way that obviates any possibility of overhead traffic and further spread of attacks, and provides full defense against DDoS. Agreeably, this could be a move in the right direction and one that would help to overcome most shortcomings in the use of honeypots, only that it is based on rather theoretical propositions without verifiable field-level testing. The scarcity of information on this proposition leaves one questioning its viability, yet when put to practical use it could constitute best practice in dealing with the issues identified.

Possibilities of Using Honeypots Along With Other Technologies

Amidst the rocketing level of technological advancement, information security has emerged as a top security issue for most entities that handle private and confidential information, whether for reputational, financial, or social-community reasons. In line with these aims, researchers have been grappling with the possibility of combining a number of techniques such as honeypots, encryption, and firewalls for efficacy. In their research, for instance, Baykara & Das (2018) have raised the possibility of combining honeypots with IDSs for real-time detection of intrusions. In this, Baykara & Das (2018) offer technocrats the possibility of designing a hybrid honeypot system that draws on the strengths of each of the categories listed earlier for superior performance. From a technical standpoint, the system the authors propose greatly reduces false positives since it has the capability to record zero-day attacks, which could be difficult when using standalone techniques.
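One way to picture the honeypot-plus-IDS combination is as a correlation step between the two log sources. The following Python is an added example, not code from Baykara & Das or from this paper; the record layout, the sample addresses and the five-minute window are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample records (documentation address ranges, not real data).
IDS_ALERTS = [  # (timestamp, source IP, signature name)
    ("2024-05-01T10:00:05", "203.0.113.7", "SSH brute force"),
    ("2024-05-01T10:02:00", "198.51.100.20", "SQLi pattern in URI"),
    ("2024-05-01T10:09:30", "192.0.2.44", "Port scan"),
]
HONEYPOT_HITS = [  # (timestamp, source IP, decoy port contacted)
    ("2024-05-01T10:00:01", "203.0.113.7", 22),
    ("2024-05-01T10:08:50", "192.0.2.44", 23),
    ("2024-05-01T10:15:00", "203.0.113.99", 8080),
]
WINDOW = timedelta(minutes=5)  # assumed correlation window


def _ts(value):
    return datetime.fromisoformat(value)


def correlate(alerts, hits, window=WINDOW):
    """Split events into (confirmed, unconfirmed, honeypot_only).

    confirmed     -- IDS alerts whose source also touched the honeypot within
                     the window; a decoy has no production traffic, so the
                     contact corroborates the alert.
    unconfirmed   -- IDS alerts with no honeypot contact (triage later).
    honeypot_only -- decoy contacts that matched no IDS signature, i.e.
                     activity the signature-based IDS did not recognise.
    """
    confirmed, unconfirmed, matched = [], [], set()
    for a_time, a_src, a_sig in alerts:
        near = [i for i, (h_time, h_src, _) in enumerate(hits)
                if h_src == a_src and abs(_ts(h_time) - _ts(a_time)) <= window]
        if near:
            matched.update(near)
            confirmed.append((a_src, a_sig))
        else:
            unconfirmed.append((a_src, a_sig))
    honeypot_only = [(src, port) for i, (_, src, port) in enumerate(hits)
                     if i not in matched]
    return confirmed, unconfirmed, honeypot_only


if __name__ == "__main__":
    for label, rows in zip(("confirmed", "unconfirmed", "honeypot-only"),
                           correlate(IDS_ALERTS, HONEYPOT_HITS)):
        print(label, rows)
```

The honeypot-only bucket is where activity unknown to the IDS signatures would surface, while the unconfirmed bucket holds the alerts most likely to need false-positive review.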
Pandya (2015) argues that honeypots, when used alone, do not allow real-time analysis of data, which in many ways delays immediate response. Such shortcomings led him to suggest using honeypot computing technology along with other technologies. This is just one way honeypots could be combined with other techniques for a more sophisticated system. A clear guide on them could be a major breakthrough that could greatly improve data handling and take cyber security to a higher bar altogether. Further, it has been suggested that customizing the current honeypot systems is a good way to proactively deal with most underlying shortcomings. Bushby (2019) opines that progressively advancing honeypot computing technology is a commendable way to keep in sync with fast-paced hacktivism strategies. Han, Kheir, & Balzarotti (2018) contend that being able to collect real-time attack data could help in wide-scale application of the technique instead of using it merely for the development of prototypes.

Adversarial Honeypot System as a Secondary Defense

Noting the significance of developing a powerful honeypot system, Younis & Miri (2019) emphasize creating a system that adapts to the evolving nature of cyber threats. In this, they suggest creating a decentralized system that makes use of adversarial honey tokens. An adversarial system should be conspicuously noticeable by an adversary, to lure them and make it easy to track the abuse behavior of attackers (Pandya, 2015). Younis & Miri (2019) recommend a high level of creativity to strategically develop and embed the tokens most suitable for the type of attacker anticipated. It is suggested that adversarial types of honey tokens are calculated to operate as a secondary-level protective mechanism that does more than lure target groups, to inform the creation of infeasible and distractive computation tasks (Mahajan, Adagale, & Sahare, 2016).
For this to work as projected, it is crucial to have some specificity about the attack and attacker capabilities, and to model the adversarial honeypot as the prime attacks, particularly in cases of machine learning. An adversarial honeypot model combines a data encryption technique, which again lends support to the combination of various technologies. Once an attack is initiated, encrypted messages move from one node to another, notifying of a subsisting attack. An inbuilt decoy classifier should be used to prevent the attacker from interacting with the legitimate target (Han, Kheir, & Balzarotti, 2018). Such a proposal is timely, as it comes at a time when most honeypots focus on preventing known attackers without the necessary secondary support systems.

Conclusion

On account of the surge in advanced cyber security attacks, safety from attackers is considered to be of imperative value to most internet users. This literature review sought to explore honeypot computing as a viable deceptive technique, paying particular attention to popular types, best practices, and the possibilities of combining it with other emerging technologies for a sophisticated system that can go beyond its current limitations. Younis & Miri (2019), for instance, in suggesting an adversarial defense approach, are arguably making a case for an adaptive system that uses more than one technology to bypass the current shortcomings in the use of honeypots for best results. An important gain in adopting such an approach is that it could expand their capability to deal with unknown attackers, as well as provide secondary support for subsisting systems, taking the effectiveness of the technique to a higher bar altogether.
