Evaluation and comparison of honeypots: helping network administrators with selection and adoption
Abstract
Honeypots can simulate vulnerabilities on hosts to attract and detect potential attackers, enabling the analysis and study of malicious behavior. This paper presents a work in progress in which we evaluate different honeypots. We consider several aspects of the honeypots, from how they operate to their suitability for use. To do so, we will use a honeynet called T-Pot to make it easier to use and compare these honeypots. In this way, we will demonstrate some of the strengths and weaknesses of the honeypots and how effective they can be for monitoring services and hosts on the network. Finally, we present the steps needed to continue the work.
Keywords:
Cybersecurity, Honeypot, Honeynet
Published
27/11/2024
How to Cite
GONÇALVES, Pamela Moura; SANTOS, Fabiano da Silva; CHEMELLO, Fernando Guerreiro; LUNARDI, Roben Castagna. Avaliação e comparação de honeypots: auxiliando administradores de rede na escolha e adoção. In: ESCOLA REGIONAL DE REDES DE COMPUTADORES (ERRC), 21., 2024, Rio Grande/RS. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2024. p. 200-203. DOI: https://doi.org/10.5753/errc.2024.4683.