Over the past several years the architecture and infrastructure of web applications have changed substantially. Monolithic systems are gradually giving way to microservices-based architectures, now the de facto standard for web application development because of their portability, scalability, and ease of deployment. That same prevalence has made microservice deployments a target for specialised attacks. Honeypots have long proven effective for gathering authentic attack data and uncovering attacker tactics, but their growing popularity has made them a specific target as well, and traditional honeypots lack the flexibility that a microservices architecture offers. The core property of a honeypot is preserved in this work: no legitimate user has a reason to contact a decoy, so traffic that reaches it can be treated as malicious with minimal effort spent on weeding out incorrect alerts. Beyond identifying and documenting the specific methods intruders use, the system helps thwart attacks by presenting realistic simulations of the actual systems and applications on the network, which slows and confuses attackers and makes it harder for them to reach real devices. This paper presents a novel approach to honeypot management in cybersecurity that uses virtual clusters and a microservice architecture to improve the effectiveness of threat detection. To conduct the research, we first surveyed the internet to pinpoint containers and container management systems exposed on standard ports that might be susceptible to attack. Monitoring the instrumented deployment generated a large dataset from which we draw inferences about the behaviour and goals of malicious users.
We advocate deploying honeypots on lightweight orchestration distributions installed on Ubuntu servers, placed behind a carefully configured gateway and exposed on standard port configurations. In light of the scan results, we recommend running the honeypot orchestration on streamlined distributions, which simplifies deployment and management. Running honeypots on a lightweight operating system reduces resource usage and improves performance while retaining the essential capabilities: monitoring attack patterns against vulnerable systems and analysing the security measures put in place by those responsible for managing exposed systems.
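As an added illustration of the alerting principle the abstract relies on (every connection that reaches a decoy is suspect, so no false-positive filtering is needed), the following script is not from the paper. It assumes a gateway that forwards a set of standard container-management ports to decoy services and writes one log line per forwarded connection; the log format, the decoy names and the port-to-decoy map are assumptions for illustration, and the log lines are constructed.

```python
"""Added example, not the paper's own code: a minimal alerting front-end for a
gateway that forwards standard container-management ports to honeypot
containers. Because no legitimate client should ever reach a decoy, every
connection the gateway logs to a decoy port is an alert; non-decoy ports are
ignored because they may carry real traffic and need ordinary triage."""
from collections import defaultdict
import re

# Assumed gateway mapping: externally exposed standard port -> decoy service.
# The port numbers are the well-known defaults for these services; the decoy
# names are hypothetical.
DECOY_PORTS = {
    2375: "docker-api-decoy",      # Docker daemon, plaintext
    2376: "docker-tls-decoy",      # Docker daemon, TLS
    6443: "kube-apiserver-decoy",  # Kubernetes API server
    10250: "kubelet-decoy",        # kubelet API
    22: "ssh-decoy",
}

# Assumed gateway log format: "<ts> <src_ip>:<src_port> -> <dst_port> <bytes>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+) "
    r"-> (?P<dport>\d+) (?P<bytes>\d+)$"
)

# Constructed sample log: one source probing three decoys in sequence, a second
# source touching the SSH decoy and then a port that is not a decoy at all.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 203.0.113.7:51022 -> 2375 412
2024-05-01T10:00:02Z 203.0.113.7:51023 -> 6443 0
2024-05-01T10:00:05Z 203.0.113.7:51030 -> 10250 1288
2024-05-01T10:01:10Z 198.51.100.9:40001 -> 22 96
2024-05-01T10:01:11Z 198.51.100.9:40002 -> 443 9
"""


def parse_line(line):
    """Parse one gateway log line; return None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": m["ts"],
        "src": m["src"],
        "dport": int(m["dport"]),
        "bytes": int(m["bytes"]),
    }


def alerts_from_log(text):
    """Every hit on a decoy port becomes an alert, tagged with the decoy name."""
    out = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["dport"] not in DECOY_PORTS:
            continue
        rec["service"] = DECOY_PORTS[rec["dport"]]
        out.append(rec)
    return out


def attacker_profiles(alerts):
    """Per source address, the ordered list of decoys touched. This sequence is
    the raw material for inferring what an intruder was looking for."""
    profiles = defaultdict(list)
    for a in alerts:
        profiles[a["src"]].append(a["service"])
    return dict(profiles)


if __name__ == "__main__":
    found = alerts_from_log(SAMPLE_LOG)
    for a in found:
        print(f"ALERT {a['ts']} {a['src']} -> {a['service']} ({a['bytes']} bytes)")
    for src, seq in attacker_profiles(found).items():
        print(f"{src}: {' -> '.join(seq)}")
```

The decisive design choice is that the decoy port set is the whole detection rule: a connection to port 443 from the same source is deliberately not alerted, because that port may serve real clients and would need the usual noisy triage, whereas the decoy ports produce alerts that require no further filtering.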