Dynamic Deploying Distributed Low-interaction Honeynet

Distributed virtual honeynet is an important security detection system to Worms, Botnet detection, Spam and Distributed Denial-Of-Service. The honeynet value significantly relies on the disguise capacity. The traditional deploying method is a static scheme that the configuration of honeynet is determined by security experts beforehand and unable to change after the deployment. The hackers or Botnet controllers identify the honeynet and may not trap into the same honeynet again. Therefore, the static deploying honeynet has relatively poor disguise capacity. To improve the disguise capacity, a novel dynamic deploying method is proposed that is capable of redeploying the honeynet in real time. The inducing degree is introduced to measure the disguise capacity by analyzing the inbound and outbound packets of the honeynet. When the inducing degree is less than a specific threshold, the dynamic deploying manager will be activated and to execuate the dynamic deploying algorithms. We have developed three novel dynamic deploying algorithms to solve the problem how to redeploy the honeynet and implemented a prototype for distributed virtual honeynet based on Honeyd. The experimental results of the simulation and real networks datasets demonstrate that the dynamic deploying approach is effective to enhance the disguise capacity of honeynet.