AN ENHANCED INTRUSION DETECTION SYSTEM USING HONEYPOT AND CAPTCHA TECHNIQUES
Abstract
Internet is no doubt inevitable as it has a tremendous impact in our lives. Despite its importance, internet comes with many challenges, among which is security. From the literature, several attempts have been made to develop secure and user-friendly spam detection technique. But these attempts linger between these two fundamental issues: the robustness and the usability in CAPTCHA system, passiveness of Intrusion Detection System (IDS), which failed to detect some forms of novel attacks, flexibility to attacks and not efficient to users. In this work, honey CAPTCHA, an enhanced intrusion detection framework is designed to solve the above problems as it is capable of detecting crawlers’ attacks, resilient and efficient to users. The system is mainly considered as an option to a CAPTCHA-BASED IDS model, which suffers the above problems. The system outperforms the existing system considering its performance measure based on the proposed metrics that includes detection rate (DR) of 76%, 1.7 times the detection rate of the existing system with false positive rate (FPR) of 10% against the existing system that have 36% FPR, which proved that the system is more robust compared to the existing system. The usability of the system measured using BDR and BNR is 1.5 times that of the existing system, which shows how efficient the system is to users when compared to the existing system. Both systems were compared based on standard IDS evaluation metrics CID which proves that the system is 2.26 times better than the existing system
References
Joseph, C. (2018, April, 17). Symantec Internet Security Threat Report 2018: TheTop Takeaways.[Blog post]. Retrieved from:https://thycotic.com/company//blog/2018/04/17/symantec-internet-security-threat-report-2018/. It is a snapshot of the page as it appeared on 26 Aug 2018 06:22:50 GMT.
Mohammad, M., &MohammadReza, K. (2014). CAPTCHA and its Alternatives: A Review. SECURITY AND COMMUNICATION NETWORKS Security Comm. Networks, 8: 2135–2156.
Foley, A. (2012). Biometric Alternatives to CAPTCHA: Exploring Accessible Interface Options. Dublin Institute of Technology.
Mohammad A. F. & Syed S. H.(2010). Towards Cyber Defense: Research in Intrusion Detection and Intrusion Prevention Systems, International Journal of Computer Science and Network Security (IJCSNS), 10(7).
Modi, C., Patel, D., Borisaniya, B., Patel, H., Patel, A., & Rajarajan, M. (2013). A survey of intrusion detection techniques in cloud. Journal of network and computer applications, 36(1), 42-57.
Steven G., Mengjun X., Zhenyu Wu., &Haining W. (2011). Humans and Bots in Internet Chat:Measurement, Analysis, and Automated Classification. , ieee/acm transactions on networking, 19(5).
Gu, G., Fogla, P., Dagon, D., Lee, W., Skori, C. (2006) Measuring intrusion detection capability: An information-theoretic approach. In: Proc. of the 2006 ACM Symposium on Information, computer and communications security, pp. 90–101.
Powell, B. M., Kalsy, E., Goswami, G., Vatsa, M., Singh, R., & Noore, A. (2017). Attack-resistant aiCAPTCHA using a negative selection artificial immune system. Paper presented at the 2017 IEEE Security and Privacy Workshops (SPW).
Andrew, D. (2014). ESCAPT: Easy Strategies for Computers to Avoid the Public Turing Test. Mentor: Ming Chow Fall.
Parita, C., Chintan, T., & Manish, S. (2016). A Review Paper on Analysis of Decisive and Non-Intrusive Technique to Combat Form Spam, International Journal of Innovative Research in Computer and Communication Engineering, 4(3).
Powell, B. M., Kalsy, E., Goswami, G., Vatsa, M., Singh, R., & Noore, A. (2017). Attack-resistant aiCAPTCHA using a negative selection artificial immune system. Paper presented at the 2017 IEEE Security and Privacy Workshops (SPW).
Josh, D. (2019). Why CAPTCHAs have gotten so difficult.Demonstrating you’re not a robot is getting harder and harder. [Blog Post]. Retrieved from https://www.theverge.com/2019/2/1/18205610/google-captcha-ai-robot-human-difficult-artificial-intelligence. Josh Dzieza@joshdzieza Feb 1, 2019, 11:00am EST.
Suphannee, S., Jason, P., & Resendes, D.(2019) I’m not a human: Breaking the Google reCAPTCHA. University, New York NY, USA
Google no Captcha + INVISIBLE reCaptcha – First Experience Results Review (2019, Mar 10). Retrieved from https://tehnoblog.org/google-no-captcha-invisible-recaptcha-first-experience-results-review/.
Ramdane, C., & Chikhi, S. (2017). Negative selection algorithm: recent improvements and its application in intrusion detection system. Int. J. Comput. Acad. Res.(IJCAR), 6(2), 20-30.
Jinquan, Z., Xiaojie, L., Tao, L., Caiming, L., Lingxi, P., & Feixian, S. (2009). A self-adaptive negative selection algorithm used for anomaly detection. Progress in natural Science, 19(2), 261-266.
Li, D., Liu, S., & Zhang, H. (2016). A boundary-fixed negative selection algorithm with online adaptive learning under small samples for anomaly detection. Engineering Applications of Artificial Intelligence, 50, 93-105.
Abdolahnezhad, M., R. &Banirosta,T. (2016) Improved Negative Selection Algorithm for Email Spam Detection Application, International Journal of Advanced Research in Electronics and Communication Engineering (IJARECE), 5(4).
Moth, D. (2013, July 29). Six alternatives to using the dreaded Captcha images. [Blog Post]. Retrieved from https://econsultancy.com/six-alternatives-to-using-the-dreaded-captcha-images/.
Bushell, D. (2011, March 4). In search of the best CAPTCHA. Retrieved August, 20, 2019, from https://www.smashingmagazine.com/2011/03/in-search-of-the-perfect-captcha/.
Linora, J. A., &Barathy, M. N. (2014). Intrusion detection and prevention by using light weight virtualization in web applications. International Journal of Computer Science and Mobile Computing;3(3), 392-396.
Koniaris, I., Papadimitriou, G., Nicopolitidis, P., & Obaidat, M. (2014). Honeypots deployment for the analysis and visualization of malware activity and malicious connections. Paper presented at the 2014 IEEE international conference on communications (ICC).
Yesugade, K. D., Sanika, M. A., Sanika N. S., Charmi S. S., Malav, S. (2016). Infrastructure Security Using IDS, IPS and Honeypot. International Engineering Research Journal (IERJ), 2(3) Page 851-855.
Resende PAA, Drummond AC.(2018) Adaptive anomaly-based intrusion detection system using genetic algorithm and profiling. Security and Privacy; 1:4. Doi: https://doi.org/10.1002/spy2.36
Vivekan & Rajbhar. (2018). Intrusion detection & prevention using honeypot. International Journal of Advanced Research in Computer Science, 9(4),
Boukare, S.,& Abubakar,H. (2018). Acaptcha – based intrusion detection model. International Journal of Software Engineering & Applications (IJSEA), 9(1).
Stevens, I., D. (2016) Using machine learning to detect bots in World of Warcraft. Transactions on networking19 (5).
Rusland, N., F., Norfaradilla Wahid, N., Kasim, S. &Hafit, H. (2017). Analysis of Naive Bayes Algorithm for Email Spam. International Research and Innovation Summit.
Zhuoheng, X., Zhenghao, Y., Simon, J., Michael, R.,, Chris, R., Theerakorn, P., Matthew A.(2018), Caret Versus Scikit-learn A Comparison of Data Science Tools Lanham Purdue University Krannert School of Management, Retrieved From: http://matthewalanham.com/Students/2018_PURC_caretvsscikit.pdf
Malav, S., Avinash, M. S., Satish, N. S., & Sandeep, S. C. (2015). Network security using IDS, IPS & honeypot. Int. J. Recent Res. Math. Comput. Sci. Inf. Technol, 2(2), 27-30
Copyright (c) 2023 FUDMA JOURNAL OF SCIENCES
This work is licensed under a Creative Commons Attribution 4.0 International License.
FUDMA Journal of Sciences