Published in International Journal of Advanced Research in Computer Science Engineering and Information Technology
ISSN: 2321-3337 Impact Factor:1.521 Volume:3 Issue:1 Year: 27 June,2014 Pages:375-387
Now a days, we are facing with network threats that cause enormous damage to the Internet community day by day. In this situation, more and more people try to prevent their network security using some traditional mechanisms including firewall, Intrusion Detection System, etc. Among them “Honeypot” is a versatile tool for a security practitioner, of course, they are tools that are meant to be attacked or interacted with “to gain more information about attackers, their motives and tools”. In this paper, we will describe usefulness of low-interaction honeypot and high-interaction honeypot and comparison between them. And then we propose hybrid honeypot architecture that combines low and high -interaction honeypot to mitigate the drawback. In this architecture, low-interaction honeypot is used as a traffic filter. Activities like port scanning can be effectively detected by low-interaction honeypot and stop there. Traffic that cannot be handled by low-interaction honeypot is handed over to high-interaction honeypot. In this case, low-interaction honeypot is used as proxy whereas high-interaction honeypot offers the optimal level realism. To prevent the high-interaction honeypot from infections, containment environment (VMware) is used.
Low-interaction honeypot, High-interaction honeypot, VMware, Proxy, etc.
[1] P.Diebold,A. Hess, G,Schafer. A Honeypot Architecture for Detecting and Analyzing Unknown Network Attacks. In Proc. Oh 14th Kommunikationin Verteilten system 2005(KiVS05), Kaiserslautern, Germany, February 2005 [2] Honeypots: White Paper. Reto Baumann, http:// www. Rbaumann.net, Christian Plattner, http:// www. Christianplattner.net [3] Research infrastructures action, Sixth framework programme, D1.1: Honeypot Node Architecture, page 7-24 [4] Spitzer, Lance. Honeypots, Tracking Hackers. Pdf version. Addison Wesely,2002. [5] Spitzer, Lance. Honeypots- Definitions and Value of Honeypots. http://www.infosecwriters.com, March 6,2003. [6] Honeynet project, The. (2007a). Know your enemy: Honeynets. Retrieved on 7 October 2007 from http;//www. Honeynet.org/papers/honeynet/index.html [7] Research infrastructures action, Sixth framework programme, D1.4: Architecture Integration, page 36. [8] Niels Provos: Honeyd- Virtual Honeypot, http://www.honeyd.org/, Provos 2002 [9] Pouget,F., & Holz, T. (2005). A pointillist approach for comparing honeypots. In K. Julisch & C. Kruegel (Eds), Intrusion and Detection