Honeypot systems are traps for intruders which simulate real systems such as web, application, and database servers used in information systems. Using these systems, unauthorized and malicious access can be efficiently detected. Honeypot is an entity which acts as a source of valued information and its behavior can be monitored. The inability or difficulty of intrusion detection is a serious security problem in networks including virtual local area network (VLAN). According to the literature, the use of honeypots for intrusion detection and prevention in networks including VLAN is strongly recommended. In this paper, in order to provide security and to detect unauthorized and malicious access to the VLAN, a centralized honeypot-based approach with a software-defined switching is proposed. With the developed and proposed honeypot-based intrusion detection and prevention approach, reduction in false alarm, network traffic, and cybersecurity cost, as well as centralized control, was provided. The proposed system has been run in GNS3 simulation software and successful results have been obtained by reducing false alarm level, network traffic, and cybersecurity cost. The numerical results of the attacks that were detected based on the port and protocol using SoftSwitch are detailed in the performance evaluation subsection.
Intrusion detection and prevention systems, honeypots, network security, system security, VLAN security
BAYKARA, MUHAMMET and DAŞ, RESUL
"SoftSwitch: a centralized honeypot-based security approach using software-defined switching for secure management of VLAN networks,"
Turkish Journal of Electrical Engineering and Computer Sciences: Vol. 27:
5, Article 4.
Available at: https://journals.tubitak.gov.tr/elektrik/vol27/iss5/4