Abstract
As one of the active defense technologies, the honeypot deceives the latent intruders to interact with the imitated systems or networks deployed with security mechanisms. Its modeling and performance analysis have not been well studied. In this paper, we propose a honeypot performance evaluation scheme based on Stochastic Petri Nets (SPN). We firstly set up performance evaluation models for three types of defense scenarios (i.e., firewall; firewall and Intrusion Detection System (IDS); firewall, IDS and honeypot) based on SPN. We then theoretically analyze the SPN models by constructing Markov Chains (MC), which are isomorphic to the models. With the steady state probabilities based on the MC, the system performance evaluation is done with theoretical inference. Finally, we implement the proposed three SPN models on the PIPE platform. Five parameters are applied to compare and evaluate the performance of the proposed SPN models. The analysis of the probability and delay of three scenarios shows that the simulation results validate the effectiveness in security enhancement of the honeypot under the SPN models.
Highlights
Internet security becomes severely important as more and more applications are developed based on the Internet, which require security guarantee
We propose to use Stochastic Petri Nets (SPN) [5,6] to model and analyze three network scenarios: the one protected by a firewall, the one protected by both a firewall and Intrusion Detection System (IDS) [7] and the one deployed with a firewall, IDS
We focus on the performance analysis of the honeypot
Summary
Internet security becomes severely important as more and more applications are developed based on the Internet, which require security guarantee. The problem about whether it is worth deploying a honeypot in a given network or system has not been well studied. This motivates us to evaluate and examine the performance of the honeypot in a quantitative way. We propose to use Stochastic Petri Nets (SPN) [5,6] to model and analyze three network scenarios: the one protected by a firewall, the one protected by both a firewall and IDS [7] and the one deployed with a firewall, IDS and honeynet.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
