Author: Rebin B. Khoshnaw
College of Science, Salahaddin University-Erbil
Computer Sciences Department, Cihan University-Erbil
DOI: http://dx.doi.org/10.24086/cuesj.si.2017.n1a4
Abstract
Concern about information security and data protection is growing and becoming more critical day by day within organizations and companies. This has led developers and researchers to look for advanced ways of defending against attacks on networks. One of these ways is the use of Honeypots. A Honeypot is an information security resource used to protect network resources by diverting attackers from their real targets. At the same time, it is a tool intended to be attacked and compromised, so that it collects information about the attacks an organization might face; the collected data is then used to develop methods of protection against these attacks. Honeypots come in many forms and shapes, and they are classified according to their level of interaction with attackers. Low interaction Honeypots are easy to maintain and deploy and carry few risks. High interaction Honeypots are more demanding in terms of maintenance and deployment and are more risky, but they gather more extensive and accurate information than low interaction Honeypots. The aim of this paper is to provide a review of Honeypots. It also analyses Honeypots under three (3) main categories: implementation, effectiveness and limitation in the security field.
Keywords: Honeypot, Security, low interaction, high interaction, implementation, performance and limitations