Hybrid Honeypot System for Network Security

Network threats cause enormous damage to the Internet community every day. In response, more and more people try to protect their networks using traditional mechanisms such as firewalls and Intrusion Detection Systems. Among these tools, the honeypot is a versatile one for a security practitioner: honeypots are meant to be attacked or interacted with in order to gain more information about attackers, their motives and their tools. In this paper, we describe the usefulness of low-interaction and high-interaction honeypots and compare the two. We then propose a hybrid honeypot architecture that combines low-interaction and high-interaction honeypots to mitigate their drawbacks. In this architecture, the low-interaction honeypot is used as a traffic filter. Activities such as port scanning can be effectively detected by the low-interaction honeypot and stopped there. Traffic that cannot be handled by the low-interaction honeypot is handed over to the high-interaction honeypot. In this case, the low-interaction honeypot acts as a proxy, whereas the high-interaction honeypot offers the optimal level of realism. To protect the high-interaction honeypot from infection, a containment environment (VMware) is used.
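The filtering role described above can be sketched as follows. This is an added illustration, not code from the paper: the rule that payload-free connections stay on the low-interaction front end, the scan threshold, the function names and the sample events are all assumptions.

```python
from collections import defaultdict

# Assumed threshold (not from the paper): distinct payload-free ports
# touched by one source before it is labelled a port scanner.
SCAN_PORT_THRESHOLD = 3

def dispatch(events):
    """Decide, per connection, whether the low-interaction front end absorbs
    it or proxies it to the high-interaction honeypot.

    events: iterable of (src_ip, dst_port, payload) with payload as bytes.
    Returns (decisions, scanners): a list of (src_ip, dst_port, verdict)
    and the set of sources classified as scanners.
    """
    probed = defaultdict(set)   # src_ip -> ports probed without payload
    scanners = set()
    decisions = []
    for src, port, payload in events:
        if payload:
            # Application data the front end cannot answer realistically:
            # hand the session over to the high-interaction honeypot.
            decisions.append((src, port, "handoff"))
            continue
        # Bare connection attempt: record it and keep it on the front end.
        probed[src].add(port)
        if len(probed[src]) >= SCAN_PORT_THRESHOLD:
            scanners.add(src)
        decisions.append((src, port, "low"))
    return decisions, scanners

# Constructed sample traffic (documentation address ranges).
SAMPLE_EVENTS = [
    ("198.51.100.7", 21, b""),
    ("198.51.100.7", 22, b""),
    ("198.51.100.7", 23, b""),
    ("198.51.100.7", 80, b""),
    ("203.0.113.9", 80, b"GET /index.html HTTP/1.0\r\n\r\n"),
    ("203.0.113.9", 80, b""),
]

def summarize(events):
    """Count how much traffic each tier sees and list detected scanners."""
    decisions, scanners = dispatch(events)
    handed = sum(1 for d in decisions if d[2] == "handoff")
    return {"low": len(decisions) - handed, "handoff": handed,
            "scanners": sorted(scanners)}

if __name__ == "__main__":
    print(summarize(SAMPLE_EVENTS))
```

On the sample, the scanning source never reaches the high-interaction honeypot, which only receives the single session that carried application data.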
