Lightweight deception systems using honeypot techniques


Bibliographic Details
Main Author: Lee, Timothy Kok Kiang
Other Authors: Lam Kwok Yan
Format: Final Year Project (FYP)
Language: English
Published: 2018
Online Access: http://hdl.handle.net/10356/74358
Description
Summary: Traditional defences against cyber threats, such as intrusion detection systems and firewalls, have been found lacking in the present day. These defences lack the means to detect advanced persistent threats, zero-day vulnerabilities and the rapid emergence of new malware variants. Honeypots have been used to supplement traditional defences because they can provide intelligence on an attacker's Tactics, Techniques and Procedures (TTP). However, deploying a honeypot system is usually complicated and costly, putting it out of reach for smaller market players. This project aims to design a lightweight honeypot architecture and to explain why a lightweight solution is desirable. The proposed lightweight honeypot architecture is then evaluated on its ability to handle a given number of concurrent connections. Research is first conducted on different honeypot systems, exploring several design factors, before a solution is proposed. The proposed solution is then implemented and tested for its performance. The proposed solution rests on two core concepts: cluster technology and container virtualization. The lightweight honeypot architecture showed much more flexibility than its traditional counterparts. By incorporating these two core concepts, the cost and complexity of deployment have been reduced, making it a feasible solution for smaller market players. Further work could be done on hardening the security of the architecture or on implementing a machine learning module to correlate Security Information and Event Management (SIEM) logs.