A comprehensive survey on cyber deception techniques to improve honeypot performance

Bibliographic Details
Published in Computers & security Vol. 140; p. 103792
Main Authors Javadpour, Amir; Ja'fari, Forough; Taleb, Tarik; Shojafar, Mohammad; Benzaïd, Chafika
Format Journal Article
Language English
Published Elsevier Ltd 01.05.2024
Summary: Honeypot technologies are becoming increasingly popular in cybersecurity as they offer valuable insights into adversary behavior with a low rate of false detections. By diverting the attention of potential attackers and siphoning off their resources, honeypots are a powerful tool for protecting critical assets within a network. However, the cybersecurity landscape constantly evolves, and professional attackers are always working to uncover and bypass honeypots. Once an adversary successfully identifies a deception mechanism in place, they may change their tactics, potentially causing significant harm to the network. Maintaining a high level of deception is crucial for honeypots to remain undetectable. This paper explores various deception techniques designed specifically for honeypots to enhance their performance while making them impervious to detection. Previous research has not provided a detailed comparison of these techniques, particularly those tailored to honeynets. Therefore, we categorize the presented techniques into relevant classes, subject them to a comparative analysis, and evaluate their effectiveness in simulation scenarios. We also present a mathematical model that comprehensively represents and compares various honeynet research endeavors. In addition, we provide insightful suggestions that highlight the existing research gaps in this field and offer a roadmap for future expansion. This includes extending deception techniques to emulate vulnerabilities inherent in 5G and software-defined networks, which address the evolving challenges of the cybersecurity landscape. The findings and insights presented in this paper are valuable to honeypot developers and cybersecurity researchers alike, providing a vital resource for advancing the field and fortifying network defenses against ever-evolving threats.
ISSN: 0167-4048, 1872-6208
DOI: 10.1016/j.cose.2024.103792