Title: A review of the current state of Honeynet architectures and tools

Authors: Danny Velasco Silva; Glen D. Rodríguez Rafael

Addresses: Facultad de Ingeniería, Universidad Nacional de Chimborazo, Km 1½ Vía a Guano, Riobamba, EC 060150, Ecuador; Facultad de Sistemas e Informática, Universidad Nacional Mayor de San Marcos, Lima, 15081, Perú ' Facultad de Sistemas e Informática, Universidad Nacional Mayor de San Marcos, Lima, 15081, Perú

Abstract: Honeynets originated as a security tool designed to be tracked, attacked and compromised by hypothetical intruders. They consist of network environments and sets of applications, and after being installed and configured with all of these components, the Honeynet is ready to be attacked with the purpose of maintaining a controlled environment for the study of the events that occurred. Through the analysis of these events, it is possible to understand the objectives, tactics and interests that the attackers have for the proposed environment. This paper describes the state of the art of Honeynets, referring to architectures, Honeynet types, tools used in Honeynets, Honeynet models and applications in the real world that are focused on capturing information.

Keywords: intrusion detection; Honeypot; Honeynets; alert correlation; capture data; network security.

DOI: 10.1504/IJSN.2017.088133

International Journal of Security and Networks, 2017 Vol.12 No.4, pp.255 - 272

Received: 12 Jul 2016
Accepted: 16 May 2017
Published online: 24 Nov 2017 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article