Research field: Software Development
Conference: International Workshop on Security and Trust Management
The contemporary cybersecurity landscape faces an ongoing and dynamic threat environment, characterized by the persistent evolution of tactics employed by malicious actors. The detection and mitigation of these threats pose significant challenges, especially when dealing with individuals possessing intimate knowledge of an organization’s security measures and vulnerabilities. Intrusion Detection Systems (IDS) play a crucial role in monitoring network traffic and systems for anomalies, providing alerts and defensive actions when suspicious activities are detected. While traditional IDS solutions exist, there is an increasing demand for adaptable and portable intrusion detection mechanisms. Honeypots, deceptive cybersecurity mechanisms designed to lure potential attackers, play a pivotal role in modern cyber-defense. By emulating vulnerable services, the honeypot captures data on the attacker’s activities and diverts the attention away from the actual critical systems, enabling the enhancement of the overall network security. We describe the design, implementation and evaluation of a portable honeypot for intrusion detection in a corporate network, able to detect internal and external threats. Portability and platform-independency are ensured using Docker containers with a strong emphasis on security through the implementation of necessary measures to mitigate risk. The system adopts a microservices architecture and utilizes the Grafana stack for log collection, data visualization, and alert management. The study provides insights into security best practices and contributes to the ongoing efforts to strengthen cybersecurity defenses in an evolving threat landscape.
| Publication year | 2024 |
|---|---|
| Citations | 0 |
| Country of publication | Italy |
| Site | Springer |