| An active honeypot can deceive attackers to consume their resources in network security.Nonetheless,its fake nature may reveal itself to the attackers.Once an attacker finds the accessed service is a honeypot,he will escape the trap and start attacking a real service.In this paper,a distributed honeypot scheme based on Blockchain is proposed.The system consists some services featured with both fake and real properties,deceiving attackers by constantly switching the properties.Even if the attacker determines that a honeypot exists,he cannot distinguish between real services and honeypots.Any access to the honeypot traps will be labelled as illegal traffic.This paper is mainly as follows:1.The distributed honeypot scheme based on Blockchain.The private chain is built based on Blockchain forming out a decentral and distributed architecture.The servers in the chain determine a temporal host according to the billing right at different time periods.The switching services act as attractive traps for attackers,who cannot find the exact locations of real services.Besides,the connection attempt to a honeypot is treated as an attack record.Alloy is utilized for security analysis.2.Game-theoretic analysis of distributed honeypot scheme.By applying the imperfect information game,we analyze the scheme.The strategies of all players and their payoffs are utilized for establishing payoff equations,where the Bayesian equilibriums are obtained under different circumstances.Through prerequisite conditions of these equilibriums,the player who can dominate state transitions is inferred.Further verification of our reasoning result is done through Gambit and MATLAB figures show the payoffs of all players,which illustrates effectiveness of the scheme.3.Prototype system development of distributed honeypot based on Blockchain.The prototype system is mainly developed in Java and Solidity.A private chain is built on Ethereum platform to establish a decentral architecture.The smart contract about data storage is deployed in this system,recording attack logs in a tamper-resistant manner.Via Web3 J interface,upper level of the system can transfer data to the bottom private chain.At the meantime,four kinds of services are deployed in every host.Each service configured with two root directories,which stores real and fake resources separately.The host with a billing right will execute a service allocation algorithm.Running result of the algorithm consists of some commands for every server to open or close services.By constantly switching services,honeypots in the server hosts captures illegal traffic for forensics.To validate effectiveness of defense,the system is tested with scanning attack,eavesdropping attack and Do S attack.All results show that our scheme is capable of defending against attacks. |
PDF Full Text Request