Dynamic Hybrid Honeypot System Based Transparent Traffic Redirection Mechanism

Honeypots are a type of security tools aimed to capture malicious activity. Related to their data capture function, two main factors are important: scalability and fidelity. A hybrid honeypot is a special honeypot system consisting of frontends and backends that can achieve a good balance between scalability and fidelity, as the frontends can monitor large-scale IP address spaces and the backends can provide fully functional systems to guarantee fidelity. The traffic redirection function is used to bridge the frontends and the backends, allowing to redirect the interesting traffic from the frontends to the backends. In this paper, a dynamic hybrid honeypot system based transparent traffic redirection mechanism is proposed in order to address the identical-fingerprint problem. The experimental results show that this mechanism can keep the traffic redirection stealthy and effective.