To obtain access to full text of journal and articles you must register!
- Article name
- USE OF NETWORK HONEYPOTT WITH LOW AND HIGH LEVEL OF INTERACTION AS A METHOD OF DETECTING MALICIOUS TRAFFIC IN A TELECOMMUNICATION NETWORK
- Authors
- Sharmaev V. I., , vadidq@ya.ru, Moscow Aviation Institute (National Research University), Moscow, Russia
- Keywords
- honeypot / honeynet / network security / deception / telecommunication networks
- Year
- 2023 Issue 1 Pages 3 - 8
- Code EDN
- QSOLTG
- Code DOI
- 10.52190/1729-6552_2023_1_3
- Abstract
- The article provides a detailed description of network honeypots (honeypots) as a means of ensuring network security, describes the main requirements for their architecture, and reveals the main differences between honeypots with a low and high level of interaction. In the Node.js software environment, a software-defined network was implemented in which FTP, Telnet, HTTP, and HTTPS connections are allowed, and an imitation of the Ident interaction protocol was created. With the help of the Nmap tool, a network scan was carried out, and then its results were analyzed (successfully established connections, received messages, detected protocol emulations, results of determining the server operating system using TCP/IP protocol stack fingerprints). Based on the results obtained, recommendations are proposed for the use of both baits with a low level of interaction and baits with a high level of interaction. The results of this study can be used to design reliable networks that can prevent, detect, and respond to intruders.
- Text
- To obtain access to full text of journal and articles you must register!
- Buy
