Strengthening MT6D Defenses with LXC-Based Honeypot Capabilities

Moving Target IPv6 Defense (MT6D) imparts radio-frequency hopping behavior to IPv6 networks by having participating nodes periodically hop onto new addresses while giving up old addresses. Our previous research efforts implemented a solution that identifies and acquires the old addresses being discarded by MT6D hosts on a local network, and that monitors and visualizes the incoming traffic on these addresses. This was essentially equivalent to forming a darknet out of the discarded MT6D addresses, but the solution presented in the previous research effort did not include the database integration needed for it to scale and be extended. This paper presents a solution with a new architecture that not only extends the previous solution in terms of automation and database integration but also demonstrates the ability to deploy a honeypot on a virtual Linux Container (LXC) on demand, based on any interesting traffic pattern observed on a discarded address. The proposed architecture also allows an MT6D host to query the solution database for network activity on its relinquished addresses, returned as a JavaScript Object Notation (JSON) object. This allows an MT6D host to identify suspicious activity on its discarded addresses and strengthen the MT6D scheme parameters accordingly. We have built a proof-of-concept for the proposed solution and analyzed the solution’s feasibility and scalability.
