Nowadays, we face network threats that cause enormous damage
to the Internet community day by day. In this situation, more
and more people try to protect their networks using traditional
mechanisms including firewalls, Intrusion Detection Systems, etc.
Among them, the honeypot is a versatile tool for a security
practitioner: honeypots are tools that are meant to be attacked or
interacted with in order to gather more information about attackers,
their motives and tools. In this paper, we describe the usefulness of
low-interaction and high-interaction honeypots and compare them.
We then propose a hybrid honeypot architecture that combines
low- and high-interaction honeypots to mitigate their drawbacks.
In this architecture, the low-interaction honeypot is used as a
traffic filter. Activities like port scanning can be effectively
detected by the low-interaction honeypot and stopped there.
Traffic that cannot be handled by the low-interaction honeypot is
handed over to the high-interaction honeypot. In this case, the
low-interaction honeypot is used as a proxy, whereas the
high-interaction honeypot offers the optimal level of realism. To
prevent the high-interaction honeypot from infections, a containment
environment (VMware) is used.
@article{"International Journal of Information, Control and Computer Sciences:63106",
  author = "Kyi Lin Lin Kyaw",
  title = "Hybrid Honeypot System for Network Security",
  abstract = "Nowadays, we face network threats that cause enormous damage
to the Internet community day by day. In this situation, more
and more people try to protect their networks using traditional
mechanisms including firewalls, Intrusion Detection Systems, etc.
Among them, the honeypot is a versatile tool for a security
practitioner: honeypots are tools that are meant to be attacked or
interacted with in order to gather more information about attackers,
their motives and tools. In this paper, we describe the usefulness of
low-interaction and high-interaction honeypots and compare them.
We then propose a hybrid honeypot architecture that combines
low- and high-interaction honeypots to mitigate their drawbacks.
In this architecture, the low-interaction honeypot is used as a
traffic filter. Activities like port scanning can be effectively
detected by the low-interaction honeypot and stopped there.
Traffic that cannot be handled by the low-interaction honeypot is
handed over to the high-interaction honeypot. In this case, the
low-interaction honeypot is used as a proxy, whereas the
high-interaction honeypot offers the optimal level of realism. To
prevent the high-interaction honeypot from infections, a containment
environment (VMware) is used.",
  keywords = "Low-interaction honeypot, High-interaction honeypot, VMware, Proxy",
  volume = "2",
  number = "12",
  pages = "4234-5",
}