DOI: https://doi.org/10.32515/2664-262X.2025.11(42).1.56-67

Honeypot-Based Information Monitoring, Detection, Response and Protection System

Maksym Prodeus, Andrii Nicheporuk, Antonina Kashtalian

About the Authors

Maksym Prodeus, post-graduate, Khmelnytskyi National University, Khmelnytskyi, Ukraine, e-mail: mprodeus99@ukr.net, ORCID ID: 0009-0002-2968-4648

Andrii Nicheporuk, Associate Professor, PhD in Technical Sciences (Candidate of Technical Sciences), Khmelnytskyi National University, Khmelnytskyi, Ukraine, e-mail: andrey.nicheporuk@gmail.com, ORCID ID: 0000-0002-7230-9475

Antonina Kashtalian, Associate Professor, PhD in Technical Sciences (Candidate of Technical Sciences), Khmelnytskyi National University, Khmelnytskyi, Ukraine, e-mail: yantonina@ukr.net, ORCID ID: 0000-0002-4925-9713

Abstract

The increasing complexity of cyber threats poses significant challenges to existing security measures, which often fail to provide sufficient protection. This paper presents an approach to improving cybersecurity through honeypot-based techniques. The study focuses on the development and deployment of decoy files designed to detect unauthorized access attempts and monitor malicious activities. Honeypots play a crucial role in identifying various attack types, including insider threats and masquerade attacks, which traditional security systems often overlook. The paper also discusses the integration of honeypots into comprehensive security frameworks, examining their optimal use cases and effectiveness in real-world applications. The research explores the design and implementation of an advanced honeypot framework that enhances threat detection and response. The proposed system utilizes dynamic decoy files, which change metadata and content to maintain authenticity and attract malicious actors. Various triggers, such as file access, modification, and unauthorized copying, are employed to detect suspicious behavior. The study also evaluates the effectiveness of automated response mechanisms, including IP blocking and real-time monitoring. The framework's performance is analyzed through experimental deployment across different IT environments, highlighting its advantages over traditional static honeypots. Key performance indicators, including detection accuracy, response time, and false positive rates, are assessed to validate the system's reliability. The results demonstrate that the proposed honeypot-based system significantly improves threat detection and response capabilities while minimizing false alarms. The integration of dynamic honeypots into corporate cybersecurity infrastructures enhances resilience against cyberattacks, including ransomware and advanced persistent threats. 
However, certain limitations, such as the inability to detect memory-only malware and highly obfuscated threats, remain challenges for future research. The study concludes that adaptive honeypot strategies, combined with automated threat intelligence, can substantially enhance modern cybersecurity defense mechanisms.

Keywords

decoy files, honeypot, network security, threat detection, cyber defense, corporate networks

Copyright (c) 2025 Maksym Prodeus, Andrii Nicheporuk, Antonina Kashtalian