ADVANCED HONEYPOT ARCHITECTURE FOR NETWORK THREATS QUANTIFICATION

ABSTRACT

Through the widespread use of computer technology, a large number of devices have become interconnected with other systems. The threat landscape evolves rapidly every day, and with humanity's increasing dependency on computerized equipment and networks, securing these systems has become highly important.

With the aim of learning about attack patterns and behavior, systems known as honeypots have been deployed. In computer security, honeypots are mechanisms set up to detect, deflect, or counteract any attempt at the unauthorized use of production systems. With this technology, vital information can be learned about attackers' procedures and motives as well as their technical knowledge and abilities.

As computer networks are frequently targeted by various hostile activities regardless of their scale, honeypots have been the subject of intensive research for quite some time. One of the commonly used honeypot solutions was Honeyd. Honeyd is a hosted platform that allows the creation of virtual network hosts, which can be configured to mimic the network stack of different operating systems (OS).

These virtual systems can be put together in standard network topologies, where Honeyd handles the routing of network traffic. Honeyd can handle many network connections and allows activity to be monitored across a wide Internet Protocol (IP) address space, instead of the single IP address usual for other honeypots.

Honeyd's popularity has decreased, since its development has ended and its maintenance has been abandoned for years. The purpose of this work is to create and develop a honeypot solution based on the principles of Honeyd. This research project describes honeypots in general, provides a short analysis of the key ideas behind Honeyd, and explains the design choices and implementation details of our solution.

The honeypot is a new technology with enormous potential for the security community. It is a platform that is intended to be attacked and compromised in order to gain more information about the attacker and his attack techniques. Honeypots are standard tools that come in many shapes and sizes. This research project will explain what a honeypot is and how it works. There are different varieties of honeypots, and based on their category they have different applications. This research project will give an insight into the use of honeypots in production as well as educational environments. It will also discuss the advantages and disadvantages of using honeypots.

The main goal of this work is to create a functional prototype of a honeypot and contribute the solution to the security community for further use and future research. These honeypots can imitate several operating systems at the network stack level. Lastly, the honeypot design is able to operate as a proxy that can forward the intercepted traffic to remote hosts, while the information about the origin of attacks is not obfuscated. This paper primarily addresses those who are involved in honeypot research or security professionals who rely on honeypots for their work.