A Dynamic Approach for Honeypot Management

Document Type: Research Paper


1 Islamic Azad University of Hamedan, Musivand Blv, Islamic Azad University St., Emam khomeini Blv., Hamedan, Iran

2 Computer Eng. Dep.- Bu-Ali Sina University- Fahmideh Ave. - 65174 - Hamedan - Iran


A honeypot is a security device whose value lies mainly in being discovered, inspected, attacked and put at risk. Most present-day honeypots are configured and installed on the network statically. In some cases, dynamic configuration of honeypots at installation time has been considered, but no study has yet been carried out on how to instantaneously change the configuration of honeypots based on analysis of the events collected from various network elements, including routers, firewalls, spam identifiers and honeypots. In this paper we provide a method in which the honeynet is automatically configured, according to the behaviour of the attacks as reported by several elements of the network and to the defined rules of the system, so that the conditions are prepared for trapping the threats. The main idea of this method is that, unlike other methods, which wait until the threat reaches the honeypot, the honeypots are configured so that they move to attract the attacks. The present scheme has been evaluated in a real environment. The results of the evaluation illustrate the efficiency of the suggested method.