165-171
Securing WMN Using Hybrid Honeypot System
Authors: - Dr.T.Geetha, R.Karthikeyan , Kumar M , Kathiravan M
Number of views: 444
Nowadays, we are facing with network threats that cause enormous damage to the Internet
community day by day. In this situation, more and more people try to prevent their network security
using some traditional mechanisms including firewall, Intrusion Detection System, etc. Among them
honeypot is a versatile tool for a security practitioner, of course, they are tools that are meant to be
attacked or interacted with to more information about attackers, their motives and tools. In this paper,
we will describe usefulness of low-interaction honeypot and high-interaction honeypot and comparison
between them. And then we propose hybrid honeypot architecture that combines low and high -
interaction honeypot to mitigate the drawback. In this architecture, low-interaction honeypot is used as
a traffic filter. Activities like port scanning can be effectively detected by low-interaction honeypot and
stop there. Traffic that cannot be handled by low-interaction honeypot is handed over to highinteraction
honeypot. In this case, low-interaction honeypot is used as proxy whereas high-interaction
honeypot offers the optimal level realism. To prevent the high-interaction honeypot from infections,
containment environment (VMware) is used