A honeypot is a decoy tool for luring an attacker and interacting with it, further consuming its resources. Due to its fake property, a honeypot can be recognized by the adversary and loses its value. Honeypots equipped with dynamic characteristics are capable of deceiving intruders. However, most of their dynamic properties are reflected in the system configuration, rather than the location. Dynamic honeypots are faced with the risk of being identified and avoided. In this paper, we focus on the dynamic locations of honeypots and propose a distributed honeypot scheme. By periodically changing the services, the attacker cannot distinguish the real services from honeypots, and the illegal attack flow can be recognized. We adopt game theory to illustrate the effectiveness of our system. Gambit simulations are conducted to validate our proposed scheme. The game-theoretic reasoning shows that our system comprises an innovative system defense. Further simulation results prove that the proposed scheme improves the server’s payoff and that the attacker tends to abandon launching attacks. Therefore, the proposed distributed honeypot scheme is effective for network security.
A survey on game theoretic approaches for privacy preservation in data mining and network security
