EVHS - Elastic Virtual Honeypot System for SDNFV-Based Networks

The SDNFV-based network has leveraged the advantages of software-defined networking (SDN) and network-function virtualization (NFV) to become the most prominent network architecture. However, with the advancement of the SDNFV-based network, more attack types have emerged. This research focuses on one of the methods (use of the honeypot system) of preventing these attacks on the SDNFV-based network. We introduce an SDNFV-based elastic virtual honeypot system (EVHS), which not only resolves problems of other current honeypot systems but also employs a new approach to efficiently manage and control honeypots. It uses a network-intrusion-detection system (NIDS) at the border of the network to detect attacks, leverages the advantages of SDN and NFV to flexibly generate honeypots, and connects attackers to these honeypots by using a moving-target defense mechanism. Furthermore, we optimize the system to efficiently reuse the available honeypots after the attacks are handled. Experimental results validate that the proposed system is a flexible and efficient approach to manage and provide virtual honeypots in the SDNFV-based network; the system can also resolve the problems encountered by current honeypot systems

HoneyDOC: An Efficient Honeypot Architecture Enabling All-Round Design

Honeypots are designed to trap the attacker with the purpose of investigating its malicious behavior. Owing to the increasing variety and sophistication of cyber attacks, how to capture high-quality attack data has become a challenge in the context of honeypot area. All-round honeypots, which mean significant improvement in sensibility, countermeasure and stealth, are necessary to tackle the problem. In this paper, we propose a novel honeypot architecture termed HoneyDOC to support all-round honeypot design and implementation. Our HoneyDOC architecture clearly identifies three essential independent and collaborative modules, Decoy, Captor and Orchestrator. Based on the efficient architecture, a Software-Defined Networking (SDN) enabled honeypot system is designed, which supplies high programmability for technically sustaining the features for capturing high-quality data. A proof-of-concept system is implemented to validate its feasibility and effectiveness. The experimental results show the benefits by using the proposed architecture comparing to the previous honeypot solutions.Comment: Non