VICTORIA UNIVERSITY OF WELLINGTON

In this paper, we present a taxonomy of honeypots. This taxonomy adheres to the characteristics defined by Lindqvist et al and Krsul. We describe how to assign honeypots to classes via step-by-step instructions. We include six classes as part of the taxonomy's classification scheme: interaction level, data capture, containment , distribution appearance, communication interface, and role in a multi-tier architecture. We applied the classification scheme to classify seven distinctly separated these honeypots into different classes. The overall classification provided insight into current honeypot technology. Functional gaps exist around containment of malicious activity and utilization of non-network hardware interfaces. The classification also assisted us in predicting honeypot technology of tomorrow. In particular, it pointed towards a possible future honeypot technology of low interaction client honeypots.