Versatile virtual honeynet management framework

Honeypots are designed to investigate malicious behaviour. Each type of homogeneous honeypot system has its own characteristics with respect to specific security functionality, and also suffers from functional drawbacks that restrict its application scenarios. In practical scenarios, therefore, security researchers always need to apply heterogeneous honeypots to cope with different attacks. However, there is a lack of general tools or platforms that can support versatile honeynet deployment in order to investigate malicious behaviour. In this study, the authors propose a versatile virtual honeynet management tool to address this problem. It is a flexible tool that offers security researchers the versatility to deploy various types of honeypots. It can also generate and manage the virtual honeynet through a dynamic configuration approach that adapts to the mutable network environment. The experimental results demonstrate that this tool is effective at performing automated honeynet deployment for a variety of heterogeneous honeypots.
