{"title":"Hybrid Honeypot System for Network Security","authors":"Kyi Lin Lin Kyaw","volume":24,"journal":"International Journal of Computer and Information Engineering","pagesStart":4085,"pagesEnd":4090,"ISSN":"1307-6892","URL":"https:\/\/publications.waset.org\/pdf\/14105","abstract":"Nowadays, we face network threats that cause enormous damage to the Internet community day by day. In this situation, more and more people try to protect their networks using traditional mechanisms including firewalls, Intrusion Detection Systems, etc. Among them, the honeypot is a versatile tool for a security practitioner; honeypots are tools that are meant to be attacked or interacted with in order to gain more information about attackers, their motives and tools. In this paper, we describe the usefulness of low-interaction and high-interaction honeypots and compare them. We then propose a hybrid honeypot architecture that combines low- and high-interaction honeypots to mitigate their drawbacks. In this architecture, the low-interaction honeypot is used as a traffic filter. Activities like port scanning can be effectively detected by the low-interaction honeypot and stopped there. Traffic that cannot be handled by the low-interaction honeypot is handed over to the high-interaction honeypot. In this case, the low-interaction honeypot is used as a proxy, whereas the high-interaction honeypot offers the optimal level of realism. To protect the high-interaction honeypot from infection, a containment environment (VMware) is used.","references":"[1] P. Diebold, A. Hess, G. Schafer. A Honeypot Architecture for Detecting and Analyzing Unknown Network Attacks. In Proc. of 14th Kommunikation in Verteilten Systemen 2005 (KiVS05), Kaiserslautern, Germany, February 2005.\r\n[2] Honeypots: White Paper. Reto Baumann, http:\/\/www.rbaumann.net, Christian Plattner, http:\/\/www.christianplattner.net\r\n[3] Research infrastructures action, Sixth framework programme, D1.1: Honeypot Node Architecture, pages 7-24.\r\n[4] Spitzner, Lance. Honeypots, Tracking Hackers. PDF version. Addison-Wesley, 2002.\r\n[5] Spitzner, Lance. Honeypots - Definitions and Value of Honeypots. http:\/\/www.infosecwriters.com, March 6, 2003.\r\n[6] Honeynet project, The. (2007a). Know your enemy: Honeynets. Retrieved on 7 October 2007 from http:\/\/www.honeynet.org\/papers\/honeynet\/index.html\r\n[7] Research infrastructures action, Sixth framework programme, D1.4: Architecture Integration, page 36.\r\n[8] Niels Provos: Honeyd - Virtual Honeypot, http:\/\/www.honeyd.org\/, Provos 2002.\r\n[9] Pouget, F., & Holz, T. (2005). A pointillist approach for comparing honeypots. In K. Julisch & C. Kruegel (Eds.), Intrusion and malware detection and vulnerability assessment. Berlin\/Heidelberg: Springer.\r\n[10] Iyad Kuwatly, Malek Sraj, Zaid Al Masri, A Dynamic Honeypot Design for Intrusion Detection, American U. of Beirut, 2004.\r\n[11] Research infrastructures action, Sixth framework programme, D1.2: Attack detection and signature generation.","publisher":"World Academy of Science, Engineering and Technology","index":"Open Science Index 24, 2008"}