Virtual honeypot

Horváth Zoltán
Department of Networked Systems and Services

A honeypot is considered to be a deeply monitored decoy computer or network area in line with the real, protected network, and it serves several aims. On the one hand, it deflects the attacker's attention from the protected network (thus protecting the valuable data there); on the other hand, its deep monitoring helps to detect new methods of attack and system vulnerabilities, or to identify attackers. Implementing a honeypot, and even more so a honeypot network, can be a cost- and time-consuming task. To reduce these costs, virtual honeypot technology can be used, which makes it possible to implement many honeypots on a single host by using different virtualization techniques.

My thesis first explains the existing virtualization applications and honeypot implementations. The main disadvantage of these traditional honeypot-based implementations is that there is no guarantee at all that an attacker will even interact with the honeypot. To solve this drawback, a new honeypot concept was devised, in which each incoming connection is analyzed individually and, if its intent is not clearly determinable, the connection is directed to the honeypot for future examination. The real intent of these connections is estimated by analyzing the operations they perform. Problems to be solved for the new honeypot concept include, for example, precisely determining the real intent of the examined connections and managing the operations executed by connections on the honeypot. A detailed analysis of every problem that arises goes beyond the limits of this thesis; therefore, after a review of the existing problems, one problem has been selected, namely the secure and efficient management of operations performed by connections, and it is the subject of further detailed analysis. During the examination, several different methods are presented for handling this problem; their efficiency is then measured with a special, self-made simulator application, and some conclusions are drawn from the measured values.

