Measurement: Sensors (Feb 2023)
H-DOCTOR: Honeypot based firewall tuning for attack prevention
Abstract
A honeypot is a well-known entrapment technique used by network and Internet of Things (IoT) security professionals to lure intruders. Unlike traditional security measures, they can capture information in real time from the attacker about how they are attacking. A network firewall protects Internet servers from unwanted and malicious traffic. Detecting ransomware with existing security systems such as IDPS (Intrusion Detection and Protection System) and AV (Antivirus) is difficult and time-consuming. In this paper, a novel hybrid Honeynet deployed in Docker for detecting attacker behavior with Tuning Of fiRewall (H-DOCTOR) has been proposed. The proposed H-DOCTOR technique comprises both low interaction and high interaction honeypot to attract the malicious attacker and to analyze the behavioral patterns. This is a form of bait, designed to detect or block attacks, or to divert an attacker's attention away from the legitimate services and tune the firewall. The proposed H-DOCTOR method identify ransomware activity, attack trends, and timely decision-making through the use of an effective rule and tunes the firewall. The proposed H-DOCTOR framework is compared with existing methods such as HyInt,IDS and honeypot-based IDS. The proposed system achieves higher accuracy of 86% and the existing system such as HyInt,IDS and honeypot-based IDS achieves 73.25%, 76.75% and 81.25%.
