Attractiveness Study of Honeypots and Honeynets in Internet Threat Detection

• Published in: Computer Networks Vol. 522; pp. 69 - 81
• Main Authors: Sochor, Tomas, Zuzcak, Matej
• Format: Book Chapter
• Language: English
• Published: Switzerland Springer International Publishing AG 2015; Springer International Publishing
• Series: Communications in Computer and Information Science
• Subjects: Computer attack; Dionaea; Glastopf; Honeynet; Honeypot low-interaction; Information retrieval; Internet threat; Kippo; Network hardware; SSH server emulation; Systems analysis & design; Website emulation; Windows services emulation
• ISBN: 3319194186; 9783319194189
• ISSN: 1865-0929; 1865-0937
• DOI: 10.1007/978-3-319-19419-6_7

New threats from the Internet emerging every day need to be analyzed in order to prepare ways of protection against them. Various honeypots combined into honeynets are the most efficient tool how to lure, detect and analyze threats from the Internet. The paper presents recent results in honeynet made of Dionaea (emulating Windows services), Kippo (emulating Linux services) and Glastopf (emulating website services) honeypots. The most important result consists in the fact that the differentiation among honeypots according to their IP address is relatively rough (usually two categories, i.e. academic and commercial networks, are usually distinguished, but the type of services in commercial sites is taken into account, too). Comparisons of results to other similar honeynets confirms the validity of the paper main conclusions.