HYBRID CYBER DECEPTION FRAMEWORK FOR PROACTIVE AND INTELLIGENT NETWORK


Ann Zeki Ablahd Magdacy Jerjes, Anwar Abbas Hattab, Ihsan Hassan Hussein

Abstract

This paper presents the Hybrid Cyber Deception System (HCDS), a new system designed and developed in Python as a proactive tool against complex network intrusions.


The system combines the strengths of honeypots and honeytokens, deploying both deception techniques in a dynamically adaptive manner.


HCDS simulates realistic honeypot services and redirects attackers into controlled, instrumented settings. The framework manages decoy credentials together with an array of trackable honeytoken decoy files, each carrying its own identifier, and ties them into the alerting process through standardized logging libraries and SIEM-supported APIs.


An important innovation is the continuous, autonomous modulation of network parameters and decoy placement, which follows Moving Target Defense (MTD) principles and is implemented through Python-orchestrated network administration utilities. The core of the system is a Deception-driven Alert Correlation Engine, built in Python with the Pandas library for data handling and the scikit-learn framework for machine learning-based analysis of interactions within the deception environment. The engine digests the data streams fed by Python-based monitoring agents, analyses the attacker's interaction patterns across the deployed honeypots and honeytokens, and raises high-threat alerts from them. A further proactive element is the system's integration with a virtualised environment, managed through the pyvmomi (VMware vSphere) or vboxapi (VirtualBox) Python libraries, which supports earlier threat detection and greater network resilience on the basis of comprehensive attacker profiling. Empirical analysis in a simulated but realistic network environment shows the system identifying and tracking complex attack vectors, with substantial gains in early threat detection and attacker engagement over traditional single-deception methods.
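As an added example (not the authors' HCDS implementation), the following Python sketches the two mechanisms described above: honeytoken decoy files that carry a verifiable identifier, and a correlation engine that aggregates per-source interactions across honeypots and honeytokens into scored, prioritised alerts. The paper's engine uses Pandas and scikit-learn; this stand-alone version uses a rule-based score and only the standard library so that it runs offline. The agent log format, field names, score weights and the keyed-tag identifier scheme are assumptions, and the log lines are constructed, not captured.

```python
"""Added example: honeytoken identifiers plus a rule-based deception-alert
correlator. Not the paper's HCDS code; formats, weights and the identifier
scheme are assumptions, and the agent log lines are constructed."""
import hashlib
import json
import re
import secrets
from collections import defaultdict

LINE_RE = re.compile(r"^(\S+)\s+(honeypot|honeytoken)\s+(.*)$")


def _tag(secret_key: str, decoy_name: str, nonce: str) -> str:
    # Keyed tag binding the identifier to its decoy; assumed scheme, not the paper's.
    return hashlib.sha256(f"{secret_key}:{decoy_name}:{nonce}".encode()).hexdigest()[:16]


def make_honeytokens(decoy_names, secret_key):
    """Return {token_id: decoy_name}. The id would be planted inside each decoy
    file (e.g. as a fake credential or URL) so a later access is traceable."""
    registry = {}
    for name in decoy_names:
        nonce = secrets.token_hex(8)
        registry[f"HT-{nonce}-{_tag(secret_key, name, nonce)}"] = name
    return registry


def verify_token(token_id, registry, secret_key):
    """True only for an id that is registered and whose tag recomputes:
    a guessed or tampered id must not be credited as a real decoy hit."""
    name = registry.get(token_id)
    if name is None:
        return False
    parts = token_id.split("-")
    if len(parts) != 3:
        return False
    return parts[2] == _tag(secret_key, name, parts[1])


def parse_line(line):
    """Parse one agent line: '<ts> <honeypot|honeytoken> k=v k=v ...'."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # malformed input is dropped, never raised
    event = {"ts": m.group(1), "source": m.group(2)}
    event.update(re.findall(r"(\w+)=(\S+)", m.group(3)))
    return event if "src" in event else None


def correlate(lines, registry, secret_key):
    """Aggregate interactions per attacking source and emit scored alerts.
    Scoring (assumed): +1 per distinct honeypot service touched, +5 per
    verified honeytoken read, +2 per access with an unverifiable token id."""
    per_src = defaultdict(lambda: {"services": set(), "decoys": set(), "forged": 0, "events": 0})
    for ev in map(parse_line, lines):
        if ev is None:
            continue
        s = per_src[ev["src"]]
        s["events"] += 1
        if ev["source"] == "honeypot" and "service" in ev:
            s["services"].add(ev["service"])
        elif ev["source"] == "honeytoken" and "token" in ev:
            if verify_token(ev["token"], registry, secret_key):
                s["decoys"].add(registry[ev["token"]])
            else:
                s["forged"] += 1
    alerts = []
    for src, s in per_src.items():
        score = len(s["services"]) + 5 * len(s["decoys"]) + 2 * s["forged"]
        if s["decoys"]:
            severity = "HIGH"      # a decoy file was actually read
        elif len(s["services"]) >= 2 or s["forged"]:
            severity = "MEDIUM"    # lateral probing or a tampered identifier
        else:
            severity = "LOW"
        alerts.append({"src": src, "severity": severity, "score": score,
                       "services": sorted(s["services"]), "decoys": sorted(s["decoys"]),
                       "forged_token_hits": s["forged"], "events": s["events"]})
    return sorted(alerts, key=lambda a: -a["score"])


def sample_log(token_id):
    """Constructed monitoring-agent lines (not captured from a real deployment)."""
    return [
        "2024-05-01T10:00:01Z honeypot src=10.0.0.5 service=ssh event=login_attempt user=admin",
        "2024-05-01T10:00:05Z honeypot src=10.0.0.5 service=smb event=file_list share=finance",
        f"2024-05-01T10:00:09Z honeytoken src=10.0.0.5 token={token_id} event=file_read",
        "2024-05-01T10:02:00Z honeypot src=10.0.0.7 service=http event=scan path=/",
        "2024-05-01T10:03:30Z honeytoken src=10.0.0.9 token=HT-deadbeef-0000000000000000 event=file_read",
        "not an agent line",
    ]


if __name__ == "__main__":
    key = "demo-key"  # would come from the deployment's secret store
    reg = make_honeytokens(["passwords.xlsx", "vpn_config.txt"], key)
    first_token = next(iter(reg))
    print(json.dumps(correlate(sample_log(first_token), reg, key), indent=2))
```

The verification step matters for the false-positive figure the paper reports: a token identifier that merely looks like one (the 10.0.0.9 line) is counted as a tampered hit rather than a confirmed decoy read, so only a source that touched a real planted file reaches HIGH severity. In a deployment the SIEM-side alert would carry the same per-source summary the correlator returns here.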


False positives are a critical challenge for any deception system; in the evaluation, HCDS kept its false positive rate low at about 0.9 %. This intelligent and robust hybrid deception paradigm offers a significant advance in proactive cybersecurity strategies for mitigating sophisticated network threats. The simulated environment comprised diverse systems: Windows Server 2019 operating as the domain controller, Ubuntu Server 20.04 LTS as the Linux-based server, and Windows 10 as the client workstations.
