Honeypots evaluation and comparison: helping network administrators in the selection and adoption process
Abstract
Honeypots can simulate vulnerabilities in hosts to attract and detect potential attackers, allowing malicious behaviour to be analysed and studied. This paper presents ongoing work in which we evaluate different honeypots. The work considers several aspects of honeypots, from their operation to their suitability for adoption. To this end, we will use a honeynet called T-Pot to make it easier to use and compare these honeypots. Additionally, we will demonstrate some of the strengths and weaknesses of honeypots and how efficient they can be at monitoring services and hosts in the network. Finally, we present relevant steps for future work.
Keywords:
Cybersecurity, Honeypot, Honeynet
Published
2024-11-27
How to Cite
GONÇALVES, Pamela Moura; SANTOS, Fabiano da Silva; CHEMELLO, Fernando Guerreiro; LUNARDI, Roben Castagna. Honeypots evaluation and comparison: helping network administrators in the selection and adoption process. In: REGIONAL SCHOOL OF COMPUTER NETWORKS (ERRC), 21., 2024, Rio Grande/RS. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2024. p. 200-203. DOI: https://doi.org/10.5753/errc.2024.4683.