Taxonomy of Honeypots

CS-TR-06-12

Authors: Christian Seifert, Ian Welch, Peter Komisarczuk
Source: Adobe PDF (203kb)


Abstract:

In this paper, we present a taxonomy of honeypots. This taxonomy adheres to the characteristics defined by Lindqvist et al and Krsul. We describe how to assign honeypots to classes via step-by-step instructions. We include six classes as part of the taxonomy's classification scheme: interaction level, data capture, contain- ment, distribution appearance, communication interface, and role in a multi-tier architecture. We applied the classification scheme to classify seven distinctly different honeypots: Google Hack Honeypot, Honeyclient, Honeyd, Honeynet, Honeytrap, KFSensor, and a network telescope. The classification successfully separated these honeypots into different classes. The overall classification pro- vided insight into current honeypot technology. Functional gaps exist around containment of malicious activity and utilization of non-network hardware in- terfaces. The classification also assisted us in predicting honeypot technology of tomorrow. In particular, it pointed towards a possible future honeypot technology of low interaction client honeypots.

Keywords: Honeypots, intrusion detection, intrusion prevention, computer security


[Up to Computer Science Technical Report Archive: Home Page]