Abstract
Honeypots that are capable of deceiving attackers are an effective tool because they not only help protect networks and devices, but also because they collect information that can lead to the understanding of an attacker’s strategy and intent. Several trade-offs must be considered when employing honeypots. Systems and services in a honeypot must be relevant and attractive to an adversary and the computing and manpower costs must fit within the function and budget constraints of the system.
It is infeasible to instigate a single, static configuration to accommodate every type of system or target every possible adversary. The work we describe in this paper demonstrates a novel approach, introducing new capabilities to the Cyber Deception Experimentation System (CDES) to realize selective and on-demand honeypot instantiation. This allows honeypot resources to be introduced dynamically in response to detected adversarial actions. These honeypots consist of kernel namespaces and virtual machines that are invoked from an “at-rest” state. We provide a case study and analyze the performance of CDES when placed inline on a network. We also use CDES to start and subsequently redirect traffic to different honeynets dynamically. We show that these mechanisms can be used to swap with no noticeable delay. Additionally, we show that Nmap host-specific scans can be thwarted during a real scan, so that probes are sent to a honey node instead of to the legitimate node.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Acosta, J.C., Basak, A., Kiekintveld, C., Leslie, N., Kamhoua, C.: Cybersecurity deception experimentation system. In: 2020 IEEE Secure Development (SecDev), pp. 34–40. IEEE (2020)
Basak, A., Kamhoua, C., Venkatesan, S., Gutierrez, M., Anwar, A.H., Kiekintveld, C.: Identifying stealthy attackers in a game theoretic framework using deception. In: Alpcan, T., Vorobeychik, Y., Baras, J.S., Dán, G. (eds.) GameSec 2019. LNCS, vol. 11836, pp. 21–32. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-32430-8_2
dmpayton: Django Admin Honeypot. https://github.com/dmpayton/django-admin-honeypot. Accessed 20 Mar 2021
huuck: ADBHoney. https://github.com/huuck/ADBHoney. Accessed 20 Mar 2021
Jicha, A., Patton, M., Chen, H.: SCADA honeypots: an in-depth analysis of Conpot. In: 2016 IEEE Conference on Intelligence and Security Informatics (ISI), pp. 196–198. IEEE (2016)
KeyFocus: KFSensor. http://www.keyfocus.net/kfsensor/features/. Accessed 20 Mar 2021
Sandia National Laboratories: HADES. https://www.osti.gov/servlets/purl/1525940. Accessed 29 Mar 2021
Lyon, G.F.: Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning. Insecure. Com LLC, US (2008)
Nazario, J.: Awesome-Honeypots. https://github.com/paralax/awesome-honeypots. Accessed 20 Mar 2021
Provos, N.: Honeyd-a virtual honeypot daemon. In: 10th DFN-CERT Workshop, Hamburg, Germany, vol. 2, p. 4 (2003)
Razmjoo, A.: OWASP Honeypot. https://github.com/OWASP/Python-Honeypot/wiki. Accessed 20 Mar 2021
Cymmetria Research: Struts Honeypot. https://github.com/Cymmetria/StrutsHoneypot. Accessed 20 Mar 2021
schmalle: Nodepot. https://github.com/schmalle/Nodepot. Accessed 20 Mar 2021
Spitzner, L.: The honeynet project: trap** the hackers. IEEE Secur. Priv. 1(2), 15–23 (2003)
Stahn, M.: pypacker. https://gitlab.com/mike01/pypacker. Accessed 20 Mar 2021
travisbgreen: AMT Honeypot. https://github.com/travisbgreen/intel_amt_honeypot. Accessed 20 Mar 2021
TrendMicro: GasPot. https://github.com/sjhilt/GasPot. Accessed 20 Mar 2021
Yadav, T., Rao, A.M.: Technical aspects of cyber kill chain. In: Abawajy, J.H., Mukherjea, S., Thampi, S.M., Ruiz-Martínez, A. (eds.) SSCC 2015. CCIS, vol. 536, pp. 438–452. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-22915-7_40
Acknowledgment
This research was sponsored by the U.S. Army Combat Capabilities Development Command Army Research Laboratory and was accomplished under Cooperative Agreement Number W911NF-13-2-0045 (ARL Cyber Security CRA). The views and conclusions contained in this document are those of the authors and should not be interpreted as representing the official policies, either expressed or implied, of the U.S. Army Combat Capabilities Development Command Army Research Laboratory or the U.S. Government. The U.S. Government is authorized to reproduce and distribute reprints for Government purposes not withstanding any copyright notation here on.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Acosta, J.C., Basak, A., Kiekintveld, C., Kamhoua, C. (2022). Lightweight On-Demand Honeypot Deployment for Cyber Deception. In: Gladyshev, P., Goel, S., James, J., Markowsky, G., Johnson, D. (eds) Digital Forensics and Cyber Crime. ICDF2C 2021. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 441. Springer, Cham. https://doi.org/10.1007/978-3-031-06365-7_18
Download citation
DOI: https://doi.org/10.1007/978-3-031-06365-7_18
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-06364-0
Online ISBN: 978-3-031-06365-7
eBook Packages: Computer ScienceComputer Science (R0)