Real-Time Attack Monitoring on Telecom Network Using Open-Source Darknet and Honeypot Setup

Authors

  • L. Sivakamy NEC Technologies India Private Ltd, India
  • S. Pradheepkumar NEC Technologies India Private Ltd, India
  • A. Sivabalan NEC Technologies India Private Ltd, India
  • Anand R. Prasad NEC Corporation, Japan

DOI:

https://doi.org/10.13052/jicts2245-800X.524

Keywords:

Darknet, Alerts, Cybersecurity, Honeypots, Cyber attacks, Network monitoring, Malware detection

Abstract

The traditional use of darknets is to passively monitor malicious traffic in a network. In this paper, we describe an experimental setup that leverages this property of the darknet in a network monitoring setup coupled with several honeypot servers. The honeypots are configured as a decoy to lure cyber attacks on the network. The cyber-security test-bed thus designed enables us to monitor an end-to-end mobile communication network test-bed [1] and detect attacks on the network in real-time. After successful trial runs, the results and alert incidents show that the cyber-security setup is efficient in detecting malicious activity in the network.

Author Biographies

L. Sivakamy, NEC Technologies India Private Ltd, India

S. Lakshminarayanan received a B.E. in Computer Science and Engineering from Rajalakshmi Institute of Technology, India in 2016. She has 20 months of experience in research and development of mobile communication networks and security standardization. At present she works as Member Technical Staff in the NEC India Standardization (NIS) Team at NEC Mobile Network Excellence Center (NMEC), NEC Technologies India Pvt Ltd, Chennai. In her current role, she is working on security aspects of 5G systems and has applied for several patents on the same. Her research interests include Cyber Security, Telecom Security and Machine Learning.

S. Pradheepkumar, NEC Technologies India Private Ltd, India

Pradheepkumar Singaravelu is a Senior Researcher at NEC-India. He has around 10 years of experience in the security domain in different areas such as NFV, IoT, 5G and LTE networks. He represents NEC Corporation as one of its security experts in global forums such as ETSI-NFV and 3GPP-SA3 and local forums like GISFI, TSDSI, etc. He was the Vice Chair of the 5G Working Group in TSDSI. Prior to joining NEC, he worked with Samsung Electronics, India, as a Technical Leader of the DTV security platform and Standards group. He has filed several patents which cover a wide range of IoT, NFV and Smart Home Technology. He received a Ph.D. in Information Technology from Indian Institute of Information Technology, Allahabad. He has published several research papers in reputed international journals and conferences.

A. Sivabalan, NEC Technologies India Private Ltd, India

S. Arumugam received a Ph.D. in Electrical Engineering from Indian Institute of Technology Kanpur, India in 2008 and an M.Tech degree from Pondicherry University, India, in 2000. He has 14 years of experience in academic teaching and research. Presently he works as Assistant General Manager for Research at NEC Mobile Network Excellence Center (NMEC), NEC Technologies India Pvt Ltd, Chennai. Prior to joining NECI, he was associated with ABB Global Services and Industries Limited, Bangalore as Associate Scientist. He has published more than 25 papers in various international journals and conferences and has also participated in many national and international conferences. In his current role, he is representing NEC for Global ICT Standards forum of India (GISFI). His research interests include Next Generation Wireless Networks.

Anand R. Prasad, NEC Corporation, Japan

A. R. Prasad, Dr. & ir., Delft University of Technology, The Netherlands, is Chief Advanced Technologist, Executive Specialist, at NEC Corporation, Japan, where he leads the mobile communications security activity. Anand is the chairman of 3GPP SA3 (mobile communications security standardization group), a member of the governing body of Global ICT Standardisation Forum for India (GISFI), founder chairman of the Security & Privacy working group and a governing council member of Telecom Standards Development Society, India. He was chairman of the Green ICT working group of GISFI. Before joining NEC, Anand led the network security team in DoCoMo Euro-Labs, Munich, Germany, as a manager. He started his career at Uniden Corporation, Tokyo, Japan, as a researcher developing embedded solutions, such as medium access control (MAC) and automatic repeat request (ARQ) schemes for wireless local area network (WLAN) product, and as project leader of the software modem team. Subsequently, he was a systems architect (as distinguished member of technical staff) for IEEE 802.11 based WLANs (WaveLAN and ORiNOCO) in Lucent Technologies, Nieuwegein, The Netherlands, during which period he was also a voting member of IEEE 802.11. After Lucent, Anand joined Genista Corporation, Tokyo, Japan, as a technical director with focus on perceptual QoS. Anand has provided business and technical consultancy to start-ups, started an offshore development center based on his concept of cost effective outsourcing models and is involved in business development.

Anand has applied for over 50 patents, has published 6 books and authored over 50 peer reviewed papers in international journals and conferences. His latest book is on “Security in Next Generation Mobile Networks: SAE/LTE and WiMAX”, published by River Publishers, August 2011. He is a series editor for standardization book series and editor-in-chief of the Journal of ICT Standardisation published by River Publishers, an Associate Editor of IEEK (Institute of Electronics Engineers of Korea) Transactions on Smart Processing & Computing (SPC), advisor to Journal of Cyber Security and Mobility, and chair/committee member of several international activities.

He is a recipient of the 2014 ITU-AJ “Encouragement Award: ICT Accomplishment Field” and the 2012 (ISC)2 Asia Pacific Information Security Leadership Achievements (ISLA) Award as a Senior Information Security Professional. Anand is a Certified Information Systems Security Professional (CISSP), Fellow IETE and Senior Member IEEE and a NEC Certified Professional (NCP).

References

George, K. J., Sivabalan, A., Prabhu, T., and Prasad, A. R. (2015). “End-to-End Mobile Communication Security Testbed Using Open Source Applications in Virtual Environment.” J. ICT Standardization, 3(1), 67–90.

Suzuki Mio and Inoue Daisuke, (2017). “DAEDALUS: Practical Alert System Based on Large-scale Darknet Monitoring for Protecting Live Networks”, Journal of the National Institute of Information and Communications Technology, 58.

Yegneswaran, V., Barford, P., and Plonka, D. (2004). “On the design and use of Internet sinks for network abuse monitoring”. In International Workshop on Recent Advances in Intrusion Detection, (pp. 146–165). Springer, Berlin, Heidelberg.

Moore, D., Voelker, G., and Savage, S. (2001). “Inferring Internet Denial of Service Activity”, In 10th USENIX Security Symposium, Washington D.C.

Moore, D., Shannon, C., Voelker, G. M., and Savage, S. (2004). “Network Telescopes: Technical Report”, Tech. rep., Cooperative Association for Internet Data Analysis (CAIDA), San Diego.

Campbell, R. M., Padayachee, K., and Masombuka, T. (2015). “A survey of honeypot research: Trends and opportunities”, In 10th International Conference for Internet Technology and Secured Transactions (ICITST).

Scarfone, K., and Mell, P. (2007). “Guide to Intrusion Detection and Prevention Systems (IDPS)” (PDF). Computer Security Resource Center. National Institute of Standards and Technology (800–94). Retrieved 1 January 2010.

Cooke, E., Bailey, M., Watson, D., Jahanian, F., and Nazario, J. (2004). The Internet motion sensor: A distributed global scoped Internet threat monitoring system. Technical Report CSE-TR-491-04, University of Michigan, Electrical Engineering and Computer Science.

Oberheide, J., Karir, M., and Mao, Z. M. (2007). Characterizing Dark DNS Behavior. In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (pp. 140–156). Springer, Berlin, Heidelberg.

Bailey, M., Cooke, E., Jahanian, F., Myrick, A., and Sinha, S. (2006). Practical darknet measurement. In Information Sciences and Systems, 40th Annual Conference (pp. 1496–1501). IEEE.

Snort. Available at: https://www.snort.org/

MySQL. Available at: https://www.mysql.com/

Song, D., Malan, R., and Stone, R. (2001). A snapshot of global Internet worm activity. Technical report, Arbor Networks.

Wang, Q., Chen, Z., and Chen, C. (2011). Darknet-based inference of internet worm temporal characteristics. IEEE Transactions on Information Forensics and Security, 6(4), 1382–1393.

Pang, R., Yegneswaran, V., Barford, P., Paxson, V., and Peterson, L. (2004). Characteristics of internet background radiation. In Proceedings of the 4th ACM SIGCOMM conference on Internet measurement (pp. 27–40). ACM.

Published

2018-01-20

How to Cite

Sivakamy, L., Pradheepkumar, S., Sivabalan, A., & Prasad, A. R. (2018). Real-Time Attack Monitoring on Telecom Network Using Open-Source Darknet and Honeypot Setup. Journal of ICT Standardization, 5(2), 187–202. https://doi.org/10.13052/jicts2245-800X.524

Section

Articles