Authors
Nguyen Khac Bao, Sung Won Ahn and Minho Park, Soongsil University, Korea
Abstract
When low-interaction honey net systems are not powerful enough and high-interaction honey net systems require a lot of resources, hybrid solutions offer the benefit’s of both worlds. Affected by this trend, more and more hybrid honey net systems have been proposed to obtain wide coverage of attack traffic and high behavioral ideality in recent years. However, these system themselves contain some limitations such as the high latency, the lack of prevention method for compromised honey pots, the waste of resources and the finger printing problem of honey pot that hinder them to achieve their goals. To address these limitations, we propose a new honey net architecture called Efficient Elastic Hybrid Honey net. Utilizing the advantages of combining SDN and NFV technologies, this system can reduce the response time for attack traffic, isolate compromised honey pots effectively, defeat the finger printing problem of honey pots, and optimize the resources for maintenance and deployment. Testing our system with real attack traffic, the results have showed that Efficient Elastic-Hybrid Honey net system is not only practical, but also very efficient.
Keywords
Honey net, Honey pot, Elastic, Hybrid, Software defined Networking, Network Function Virtualization