INTERCEPT+: SDN Support for Live Migration-Based Honeypots

Abstract

This paper introduces a novel honeypot for web application. Recently, web applications have been the target of numerous cyber attacks. In order to catch up new vulnerabilities in the applications, using a honeypot system is a feasible solution. However, there remains difficulty for developing a lure-able, protect-able, and deception-able honeypot for web applications. In this paper, we present an approach in which attackers will be automatically isolated from the real web server to the honey web server. The key features are employing migration techniques to create a virtual machine as a honey web server, making the honeypot to equip the same memory and storage devices of the real systems, and controlling network traffic with OpenFlow in order to isolate honeypots from the real server. This paper also shows our design and implementation of INTERCEPT+, a component of honeypot systems for web applications.