Abstract

Honeypots are designed to investigate malicious behaviour. Each type of homogeneous honeypot system has its own characteristics in respect of specific security functionality, and also suffers functional drawbacks that restrict its application scenario. In practical scenarios, therefore, security researchers always need to apply heterogeneous honeypots to cope with different attacks. However, there is a lack of general tools or platforms that can support versatile honeynet deployment in order to investigate malicious behaviour. In this study, the authors propose a versatile virtual honeynet management tool to address this problem. It is a flexible tool that offers security researchers the versatility to deploy various types of honeypots. It can also generate and manage the virtual honeynet through a dynamic configuration approach that adapts to the mutable network environment. The experimental results demonstrate that this tool is effective at performing automated honeynet deployment across a variety of heterogeneous honeypots.

Highlights

  • A honeypot is an information system resource whose value lies in unauthorised or illicit use of that resource [1]

  • It is limited by the fact that it emulates known vulnerabilities, and its security program only focuses on capturing the malicious traffic accessing its emulated vulnerable services

  • Owing to the requirement of applying heterogeneous honeypots to various attacks, in this paper, we propose a versatile virtual honeynet management tool called Honeyvers that can configure heterogeneous honeypots based on the generic language called Technology Independent Honeynet Description Language (TIHDL)

Summary

Introduction

A honeypot is an information system resource whose value lies in unauthorised or illicit use of that resource [1]. Every individual honeypot has its own features. Some honeypots, such as Honeyd [2], can emulate multiple decoys simultaneously to monitor unauthorised traffic. These decoys can emulate the appearance of operating systems and vulnerable services, but they provide little interaction to the adversaries. Medium-interaction honeypots (MIHs), e.g. Amun [3] and Dionaea [‘Dionaea – catched bugs’, http://www.dionaea.carnivore.it/], can provide much more interaction to the adversaries and even catch the malicious payload. They can emulate a variety of vulnerable services based on the TCP/IP network stacks which are implemented and managed by the underlying operating system on which the MIH is installed. The probable approach to solve the limitation mentioned above is to build a platform that is flexible enough to support versatile honeynet deployment in order to trap and investigate the attacks with appropriate decoys.
