DOI: https://doi.org/10.32515/2664-262X.2025.11(42).1.56-67
A System for Monitoring, Detection, Response and Information Protection Based on Honeypot Files
About the authors
М. С. Продеус, postgraduate student, Khmelnytskyi National University, Khmelnytskyi, Ukraine, e-mail: mprodeus99@ukr.net, ORCID ID: 0009-0002-2968-4648
А. О. Нічепорук, Associate Professor, Candidate of Technical Sciences, Khmelnytskyi National University, Khmelnytskyi, Ukraine, e-mail: andrey.nicheporuk@gmail.com, ORCID ID: 0000-0002-7230-9475
А. С. Каштальян, Associate Professor, Candidate of Technical Sciences, Khmelnytskyi National University, Khmelnytskyi, Ukraine, e-mail: yantonina@ukr.net, ORCID ID: 0000-0002-4925-9713
Abstract
Given the growth of cyber threats and the limited effectiveness of traditional security tools, this article proposes a system for monitoring, detecting, responding to and protecting information based on honeypot files. The proposed approach combines distributed placement of honeypot files, multi-level monitoring and automated threat blocking, which reduces the false positive rate to 10% and gives the system an average response time of 2 seconds. The article considers the specifics of integrating such a system into corporate environments, the challenges of deploying it, and its ability to scale to 50 honeypot files in local and cloud infrastructures. The results obtained demonstrate the effectiveness of the approach in identifying and blocking viruses, trojans, ransomware and other cyber threats, which makes it promising for strengthening the protection of corporate networks.
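The core loop the abstract describes (deploy decoy files, monitor them for tampering, decide an automated response) can be illustrated with the following added example; it is not the authors' implementation. It assumes a hash-baseline check, an alert threshold of one touched decoy (`ALERT_THRESHOLD`), and constructed decoy names and tampering in a temporary directory.

```python
"""Minimal honeypot-file monitor: deploy decoys, detect tampering, decide a response."""
import hashlib
import os
import secrets
import tempfile
from dataclasses import dataclass

ALERT_THRESHOLD = 1  # assumption: one touched decoy is enough to trigger blocking


@dataclass(frozen=True)
class Alert:
    path: str
    kind: str  # "modified" (content changed) or "deleted" (removed or renamed)


def _sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def deploy_decoys(root: str, names: list[str]) -> dict[str, str]:
    """Write one decoy per name under root and return {path: sha256} as the baseline.
    Each decoy carries random bytes so its hash is unique and cannot be predicted."""
    registry = {}
    for name in names:
        path = os.path.join(root, name)
        content = b"CONFIDENTIAL decoy " + secrets.token_bytes(32)
        with open(path, "wb") as fh:
            fh.write(content)
        registry[path] = _sha256(content)
    return registry


def check_decoys(registry: dict[str, str]) -> list[Alert]:
    """One monitoring pass: compare every decoy on disk against its baseline hash.
    Legitimate users never touch decoys, so any change is an alert, not noise."""
    alerts = []
    for path, expected in registry.items():
        if not os.path.isfile(path):
            alerts.append(Alert(path, "deleted"))
            continue
        with open(path, "rb") as fh:
            if _sha256(fh.read()) != expected:
                alerts.append(Alert(path, "modified"))
    return alerts


def decide_response(alerts: list[Alert]) -> str:
    """Map a pass's alerts to an action: 'block' once the threshold is met, else 'monitor'."""
    return "block" if len(alerts) >= ALERT_THRESHOLD else "monitor"


def demo() -> dict:
    """End-to-end run in a temp dir with constructed tampering; returns what each pass saw."""
    with tempfile.TemporaryDirectory() as root:
        registry = deploy_decoys(root, ["salaries.xlsx", "passwords.txt", "backup.zip"])
        clean = check_decoys(registry)  # untouched decoys -> no alerts
        # Constructed tampering: overwrite one decoy (as an encryptor would) and remove another.
        paths = sorted(registry)
        with open(paths[0], "wb") as fh:
            fh.write(b"\x00" * 16)
        os.remove(paths[1])
        hit = check_decoys(registry)
        return {
            "clean_alerts": len(clean),
            "clean_action": decide_response(clean),
            "hit_kinds": sorted(a.kind for a in hit),
            "hit_action": decide_response(hit),
        }


if __name__ == "__main__":
    print(demo())
```

In a deployment the check would run on a short schedule (the abstract reports a 2-second average response) and the "block" decision would feed the automated blocking component rather than just being returned.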
Keywords
decoy files, honeypot, network security, threat detection, cyber defense, corporate networks
Copyright (c) 2025 М. С. Продеус, А. О. Нічепорук, А. С. Каштальян