Computer system security is the fastest developing segment in information technology. The conventional approach to system security is mostly aimed at protecting the system, while current trends focus on more aggressive forms of protection against potential attackers and intruders. One such form of protection is the application of advanced technology based on the principle of baits, namely honeypots. Honeypots are specialized devices aimed at slowing down attackers or diverting their attention from critical system resources, allowing future examination of the methods and tools the attackers use. Currently, most honeypots are configured and managed statically. This paper deals with the design of a sophisticated hybrid honeypot and its properties, with the aim of enhancing computer system security. The architecture of a sophisticated hybrid honeypot is represented by a single device capable of adapting to a constantly changing environment by using active and passive scanning techniques, which mitigate the disadvantages of low-interaction and high-interaction honeypots. The low-interaction honeypot serves as a proxy for multiple IP addresses and filters out traffic beyond concern, while the high-interaction honeypot provides an optimum level of interaction. The proposed architecture, employing the prototype of a hybrid honeypot featuring autonomous operation, should represent a security mechanism that minimizes the disadvantages of intrusion detection systems and can be used as a solution to increase the security of a distributed computer system rapidly, both autonomously and in real time.
Published: 2017-05-12
Classification: Computing and Informatics, Honeypot, hybrid honeypot, virtual honeypots, malicious code, security of computer systems, 68-U99
@article{cai2017_1_113,
     author = {Eva Chovancov\'a; Department of Computers and Informatics, Technical University of Ko\v sice and Norbert \'Ad\'am; Department of Computers and Informatics, Technical University of Ko\v sice and Anton Bal\'a\v z; Department of Computers and Informatics, Technical University of Ko\v sice and Em\'\i lia Pietrikov\'a; Department of Computers and Informatics, Technical University of Ko\v sice and Peter Feci\v lak; Department of Computers and Informatics, Technical University of Ko\v sice and Slavom\'\i r \v Simo\v n\'ak; Department of Computers and Informatics, Technical University of Ko\v sice and Martin Chovanec; Institute of Computer Technology, Technical University of Ko\v sice},
     title = {Securing Distributed Computer Systems Using an Advanced Sophisticated Hybrid Honeypot Technology},
     journal = {Computing and Informatics},
     volume = {35},
     number = {4},
     year = {2017},
     language = {en},
     url = {http://dml.mathdoc.fr/item/cai2017_1_113}
}
Eva Chovancová; Department of Computers and Informatics, Technical University of Košice; Norbert Ádám; Department of Computers and Informatics, Technical University of Košice; Anton Baláž; Department of Computers and Informatics, Technical University of Košice; Emília Pietriková; Department of Computers and Informatics, Technical University of Košice; Peter Feciľak; Department of Computers and Informatics, Technical University of Košice; Slavomír Šimoňák; Department of Computers and Informatics, Technical University of Košice; Martin Chovanec; Institute of Computer Technology, Technical University of Košice. Securing Distributed Computer Systems Using an Advanced Sophisticated Hybrid Honeypot Technology. Computing and Informatics, Volume 35 (2017) no. 4. http://gdmltest.u-ga.fr/item/cai2017_1_113/