Computer network security is gaining critical attention as the number of attacks committed against online systems continues to increase. Solutions exist to secure networks from such attacks; however, many of them generate a high number of false positives (that is, they raise alerts when no alert is required). Honeypots are computer systems that have been deployed quite deliberately with the aim of being compromised, and therefore do not suffer from such false positives. Additionally, honeypots are able to provide detailed information about attacks, which can be used to improve the security of the production system.
This dissertation examines a new and innovative way of using virtual honeypots, in which an IDS forwards malicious-looking traffic to a honeypot sandbox system that is then capable of determining whether the traffic is really malicious. If a valid request has been incorrectly forwarded to this honeypot system, the effect of this request will be merged into the production system.
Initially, the dissertation focuses on the various honeypot solutions and why honeypots should be used as a sandbox system. Subsequently, a detailed investigation is undertaken to define and solve the issues raised by this new concept. Finally, the results from a set of experiments demonstrate the deployment and maintenance of a honeynet, which could be extended to implement the innovative techniques in honeypot systems.