A Methodology For Intelligent Honeypot Deployment And Active Engagement Of Attackers

Abstract

The internet has brought about tremendous changes in the way we see the world, allowing us to communicate at the speed of light, and dramatically changing the face of business forever. Organizations are able to share their business strategies and sensitive or proprietary information across the globe in order to create a sense of cohesiveness. This ability to share information across the vastness of the internet also allows attackers to exploit these different avenues to steal intellectual property or gather information vital to the national security of an entire nation. As technology advances to include more devices accessing an organization's network and as more business is handled via the internet, attackers' opportunities increase daily. Honeypots were created in response to this cyber warfare. Honeypots provide a technique to gather information about attackers performing reconnaissance on a network or device without the voluminous logs obtained by the majority of intrusion detection systems. This research effort provides a methodology to dynamically generate context-appropriate honeynets. Administrators are able to modify the system to conform to the target environment and gather the information passively or through increasing degrees of active scanning. The information obtained during the process of scanning the environment aids the administrator in creating a network topology and understanding the flux of devices in the network. This research continues the effort to defend an organization's networks against the onslaught of attackers.