Abstract
Honeypots are designed to trap the attacker with the purpose of investigating its malicious behavior. Owing to the increasing variety and sophistication of cyber attacks, how to capture high-quality attack data has become a challenge in the honeypot area. All-round honeypots, which mean a significant improvement in sensibility, countermeasure, and stealth, are necessary to tackle the problem. In this paper, we propose a novel honeypot architecture termed HoneyDOC to support all-round honeypot design and implementation. Our HoneyDOC architecture clearly identifies three essential independent and collaborative modules: Decoy, Captor, and Orchestrator. Based on this efficient architecture, a software-defined networking-enabled honeypot system is designed, which supplies high programmability for technically sustaining the features for capturing high-quality data. A proof-of-concept system is implemented to validate its feasibility and effectiveness. The experimental results show the benefits of using the proposed architecture compared with the previous honeypot solutions.
Original language | English |
---|---|
Article number | 8635491 |
Pages (from-to) | 683-697 |
Number of pages | 15 |
Journal | IEEE Journal on Selected Areas in Communications |
Volume | 37 |
Issue number | 3 |
Publication status | Published - Mar 2019 |
Externally published | Yes |
Keywords
- Honeypot
- cyber deception
- cyber security
- intrusion response
- network softwarization
- traffic redirection