Improving container security with honeypot deployment

Authors

DOI:

https://doi.org/10.46299/j.isjea.20250403.02

Keywords:

honeypot, kubernetes, security, cluster

Abstract

The transformation of business in the digital era requires a transition to a microservices architecture, in which applications are built as independent services. In this context, containerization is gaining importance, and Kubernetes (K8s), owing to its efficiency in container management, is becoming a critical tool. It simplifies the deployment, scaling, and management of applications, which allows companies to accelerate digital transformation. Despite its advantages, Kubernetes is not completely protected from security threats. Alongside traditional defenses, it is important to study the tactics of attackers. Honeypots have become an integral part of the arsenal of defenses against cyber threats. Developers are constantly creating new types of decoys to resist attackers seeking to penetrate conventional and industrial networks. Honeypots collect data about attackers by disguising themselves as a weak point in the system. Research into the role of honeypots in improving infrastructure security is therefore important. The effectiveness of decoy systems in monitoring cyberattacks and intrusion attempts is proven, but deploying them at a scale sufficient to capture a significant number of incidents is difficult. With cyber threats increasing, primarily against critical infrastructure, there is a need for more effective methods of collecting information about suspicious traffic. The purpose of the work is to study the effectiveness of decoy systems for detecting intrusions in container cloud environments, in particular Kubernetes. In this study, we focus on the deployment and use of decoy systems to improve the security of the Kubernetes environment.
The publication claims that ContainerSSH is the most successful solution for creating a honeypot in the Kubernetes environment, as it combines maturity, ease of use and broad compatibility. It is also emphasized that using a honeypot allows you to obtain important data about threats and features of cloud system protection.

Published

2025-06-01

How to Cite

Andrushchak, I., Kosheliuk, V., & Yasashnyi, D. (2025). Improving container security with honeypot deployment. International Science Journal of Engineering & Agriculture, 4(3), 15–26. https://doi.org/10.46299/j.isjea.20250403.02