Developing a modular, high-interaction honeypot using container virtualization

Sammanfattning: A significant increase of attacks combined with companies neglecting cybersecurity poses a problem for the ever-growing number of Internet-connected devices. With honeypot technology being an invaluable tool for understanding adversaries’ strategies, this project aims to develop a modular honeypot that is able to evolve. The report focuses on the honeypot’s design and implementation. Results from deploying the honeypot are used to evaluate its properties and present a brief analysis of the information collected. To achieve a modular design, the honeypot is divided into three network-connected components. Container virtualization is utilized to allow easy deployment, imitating systems that adversaries interact with, and isolating performed actions. The result of the project is an easily deployable and distributable high-interaction research honeypot using container virtualization with support for the Secure Shell network protocol. The findings of the report indicate that the developed honeypot functions well and may support research within the field of computer security. However, there is room for deeper analysis of collected data to determine whether the honeypot’s data collection capabilities are enough to draw valuable conclusions.