Enabling an Anatomic View to Investigate Honeypot Systems: A Survey

Fan, Wenjun, Du, Zhihui, Fernandez, David, Villagra, Victor A. (2018) Enabling an Anatomic View to Investigate Honeypot Systems: A Survey. IEEE Systems Journal, 12 (4). pp. 3906-3919. ISSN 1932-8184. (doi:10.1109/JSYST.2017.2762161) (KAR id:64933)

PDF Author's Accepted Manuscript
Language: English
PDF (This is final published version from IEEE Systems Journal) Publisher pdf
Official URL: https://doi.org/10.1109/JSYST.2017.2762161

Abstract

A honeypot is a type of security facility deliberately created to be probed, attacked, and compromised. It is often used for protecting production systems by detecting and deflecting unauthorized accesses. It is also useful for investigating the behavior of attackers, and in particular, unknown attacks. For the past 17 years plenty of effort has been invested in the research and development of honeypot techniques, and they have evolved to be an increasingly powerful means of defending against the creations of the blackhat community. In this paper, by studying a wide set of honeypots, the two essential elements of honeypots—the decoy and the captor—are captured and presented, together with two abstract organizational forms—independent and cooperative—where these two elements can be integrated. A novel decoy and captor (D-C) based taxonomy is proposed for the purpose of studying and classifying the various honeypot techniques. An extensive set of independent and cooperative honeypot projects and research that cover these techniques is surveyed under the taxonomy framework. Furthermore, two subsets of features from the taxonomy are identified, which can greatly influence the honeypot performances. These two subsets of features are applied to a number of typical independent and cooperative honeypots separately in order to validate the taxonomy and predict the honeypot development trends.

Item Type: Article
DOI/Identification number: 10.1109/JSYST.2017.2762161
Uncontrolled keywords: Computer security, honeypots, intrusion detection, network security, virtualization
Subjects: T Technology > TK Electrical engineering. Electronics. Nuclear engineering > TK7800 Electronics > TK7880 Applications of electronics > TK7885 Computer engineering. Computer hardware
Divisions: Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing
Depositing User: Wenjun Fan
Date Deposited: 01 Dec 2017 11:48 UTC
Last Modified: 04 Jul 2023 12:51 UTC
Resource URI: https://kar.kent.ac.uk/id/eprint/64933 (The current URI for this page, for reference purposes)
