Securing Distributed Computer Systems Using an Advanced Sophisticated Hybrid Honeypot Technology

Authors

  • Eva Chovancová Department of Computers and Informatics, Technical University of Košice
  • Norbert Ádám Department of Computers and Informatics, Technical University of Košice
  • Anton Baláž Department of Computers and Informatics, Technical University of Košice
  • Emília Pietriková Department of Computers and Informatics, Technical University of Košice
  • Peter Feciľak Department of Computers and Informatics, Technical University of Košice
  • Slavomír Šimoňák Department of Computers and Informatics, Technical University of Košice
  • Martin Chovanec Institute of Computer Technology, Technical University of Košice

Keywords:

Honeypot, hybrid honeypot, virtual honeypots, malicious code, security of computer systems

Abstract

Computer system security is the fastest developing segment in information technology. The conventional approach to system security is mostly aimed at protecting the system, while current trends focus on more aggressive forms of protection against potential attackers and intruders. One such form of protection is the application of advanced technology based on the principle of baits, known as honeypots. Honeypots are specialized devices aimed at slowing down attackers or diverting their attention from critical system resources, to allow future examination of the methods and tools they use. Currently, most honeypots are configured and managed statically. This paper deals with the design of a sophisticated hybrid honeypot and its properties, with the aim of enhancing computer system security. The architecture of a sophisticated hybrid honeypot is represented by a single device capable of adapting to a constantly changing environment by using active and passive scanning techniques, which mitigate the disadvantages of low-interaction and high-interaction honeypots. The low-interaction honeypot serves as a proxy for multiple IP addresses and filters out traffic of no interest, while the high-interaction honeypot provides an optimum level of interaction. The proposed architecture, employing a prototype of a hybrid honeypot featuring autonomous operation, should represent a security mechanism that minimizes the disadvantages of intrusion detection systems and can be used to rapidly increase the security of a distributed computer system, both autonomously and in real time.

Published

2017-05-09

How to Cite

Chovancová, E., Ádám, N., Baláž, A., Pietriková, E., Feciľak, P., Šimoňák, S., & Chovanec, M. (2017). Securing Distributed Computer Systems Using an Advanced Sophisticated Hybrid Honeypot Technology. Computing and Informatics, 36(1), 113–139. Retrieved from http://147.213.75.17/ojs/index.php/cai/article/view/2017_1_113
