
Adaptive and Flexible Virtual Honeynet

  • Conference paper
Mobile, Secure, and Programmable Networking (MSPN 2015)

Part of the book series: Lecture Notes in Computer Science (LNCCN, volume 9395)

Abstract

Honeypots have been widely employed to help secure computer systems and capture malicious activities. At present, virtual honeynets (network scenarios made of virtual honeypots) are frequently used to investigate the adversary’s behaviour. The static deployment scheme traditionally used, in which the configuration of the honeynet is determined by security experts beforehand, lacks the capability of dynamically adapting its configuration after deployment. In this paper, a new adaptive and flexible virtual honeynet management system is proposed that dynamically creates, configures and deploys both low-interaction and high-interaction honeypots, emulating multiple operating systems. The results and measurements of the experiments carried out illustrate that the new virtual honeynet system is more capable than previous virtual honeynet architectures.



Acknowledgement

This research is supported in part by the National Natural Science Foundation of China (No. 61440057, 61272087, 61363019 and 61073008), the Beijing Natural Science Foundation (No. 4082016 and 4122039), the Sci-Tech Interdisciplinary Innovation and Cooperation Team Program of the Chinese Academy of Sciences, and the Specialized Research Fund for State Key Laboratories. It has also been partially funded with support from the Spanish MICINN (project RECLAMO, Virtual and Collaborative Honeynets based on Trust Management and Autonomous Systems applied to Intrusion Management, with codes TIN2011-28287-C02-01 and TIN2011-28287-C02-02) and the European Commission (FEDER/ERDF).


Corresponding author

Correspondence to Wenjun Fan.


Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Fan, W., Fernández, D., Du, Z. (2015). Adaptive and Flexible Virtual Honeynet. In: Boumerdassi, S., Bouzefrane, S., Renault, É. (eds) Mobile, Secure, and Programmable Networking. MSPN 2015. Lecture Notes in Computer Science, vol 9395. Springer, Cham. https://doi.org/10.1007/978-3-319-25744-0_1


  • DOI: https://doi.org/10.1007/978-3-319-25744-0_1


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-25743-3

  • Online ISBN: 978-3-319-25744-0

  • eBook Packages: Computer Science (R0)
