Hybrid Honeypot System for Network Security

Authors: Kyi Lin Lin Kyaw

Abstract:

Nowadays, we face network threats that cause enormous damage to the Internet community day by day. In this situation, more and more people try to protect their networks using traditional mechanisms including firewalls, Intrusion Detection Systems, etc. Among these, the honeypot is a versatile tool for a security practitioner: honeypots are tools that are meant to be attacked or interacted with in order to gain more information about attackers, their motives and their tools. In this paper, we describe the usefulness of low-interaction and high-interaction honeypots and compare them. We then propose a hybrid honeypot architecture that combines low- and high-interaction honeypots to mitigate the drawbacks. In this architecture, the low-interaction honeypot is used as a traffic filter. Activities like port scanning can be effectively detected by the low-interaction honeypot and stopped there. Traffic that cannot be handled by the low-interaction honeypot is handed over to the high-interaction honeypot. In this case, the low-interaction honeypot is used as a proxy, whereas the high-interaction honeypot offers the optimal level of realism. To protect the high-interaction honeypot from infections, a containment environment (VMware) is used.

Keywords: Low-interaction honeypot, High-interaction honeypot, VMware, Proxy

Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1082357
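
The filtering role the abstract gives the low-interaction honeypot, as an added example (not code from the paper): bare probes and scans stop at the front end, requests its emulated services understand are answered there, and everything else is handed over to the high-interaction honeypot. The class and function names, the emulated command sets, the scan threshold and the sample traffic are assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

# Assumed values for illustration: command verbs each emulated service script
# understands, and how many distinct ports from one source count as a scan.
EMULATED = {21: {b"USER", b"PASS", b"QUIT"}, 25: {b"HELO", b"EHLO", b"QUIT"}}
SCAN_PORTS = 3

@dataclass
class Conn:
    src: str
    dport: int
    payload: bytes  # first bytes the client sent; empty for a bare connect

class LowInteractionFilter:
    """Front-end honeypot: absorbs scans, answers what it can, proxies the rest."""

    def __init__(self):
        self.ports_by_src = defaultdict(set)
        self.handed_over = []  # connections passed to the high-interaction honeypot

    def dispatch(self, conn):
        ports = self.ports_by_src[conn.src]
        ports.add(conn.dport)
        if not conn.payload:
            # Nothing to interact with: record it and stop here.
            return "low:scan" if len(ports) >= SCAN_PORTS else "low:probe"
        parts = conn.payload.split(None, 1)
        verb = parts[0].upper() if parts else b""
        if verb in EMULATED.get(conn.dport, set()):
            return "low:emulated"
        # Beyond the emulation: proxy to the contained high-interaction VM.
        self.handed_over.append(conn)
        return "high:proxied"

# Constructed sample traffic using documentation address ranges.
SAMPLE = [
    Conn("198.51.100.7", 21, b""),
    Conn("198.51.100.7", 22, b""),
    Conn("198.51.100.7", 23, b""),                    # third port: flagged as a scan
    Conn("192.0.2.44", 21, b"USER anonymous\r\n"),    # emulated FTP verb
    Conn("192.0.2.44", 21, b"MKD upload\r\n"),        # verb the script lacks
    Conn("192.0.2.44", 445, b"\x00\x00\x00\x2f"),     # port with no emulation
]

def classify(events):
    """Return each dispatch decision and the number of hand-overs."""
    front = LowInteractionFilter()
    return [front.dispatch(c) for c in events], len(front.handed_over)
```

Only two of the six sample connections reach the high-interaction honeypot, which is the load reduction the hybrid design is after.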

