Securing Distributed Computer Systems Using an Advanced Sophisticated Hybrid Honeypot Technology
keywords: Honeypot, hybrid honeypot, virtual honeypots, malicious code, security of computer systems
Computer system security is the fastest developing segment in information technology. The conventional approach to system security is mostly aimed at protecting the system, while current trends are focusing on more aggressive forms of protection against potential attackers and intruders. One of the forms of protection is also the application of advanced technology based on the principle of baits -- honeypots. Honeypots are specialized devices aimed at slowing down or diverting the attention of attackers from the critical system resources to allow future examination of the methods and tools used by the attackers. Currently, most honeypots are being configured and managed statically. This paper deals with the design of a sophisticated hybrid honeypot and its properties having in mind enhancing computer system security. The architecture of a sophisticated hybrid honeypot is represented by a single device capable of adapting to a constantly changing environment by using active and passive scanning techniques, which mitigate the disadvantages of low-interaction and high-interaction honeypots. The low-interaction honeypot serves as a proxy for multiple IP addresses and filters out traffic beyond concern, while the high-interaction honeypot provides an optimum level of interaction. The proposed architecture employing the prototype of a hybrid honeypot featuring autonomous operation should represent a security mechanism minimizing the disadvantages of intrusion detection systems and can be used as a solution to increase the security of a distributed computer system rapidly, both autonomously and in real-time.
mathematics subject classification 2000: 68-U99
reference: Vol. 36, 2017, No. 1, pp. 113–139