Orchestrating honeypot deployment in lightweight container platforms to improve security

Authors

DOI:

https://doi.org/10.46299/j.isjea.20250401.01

Keywords:

honeypot, microservices, orchestration, security, virtual cluster

Abstract

The architecture and infrastructure of web applications have evolved significantly over the past several years. Monolithic systems are gradually being superseded by microservices-based architectures, which are now considered the de facto standard for web application development owing to their inherent portability, scalability, and ease of deployment. At the same time, the prevalence of this architecture has made it susceptible to specialized cyberattacks. Honeypots have proven effective for gathering real-world attack data and uncovering attacker methods, but their growing popularity has made them a specific target for cyberattacks, and traditional honeypots lack the flexibility of a microservices architecture. The core idea is preserved: honey traps help identify malicious packets with minimal effort spent on removing incorrect alerts. In addition to identifying and documenting the specific attack methods used by intruders, this system helps thwart attacks by creating realistic simulations of the actual systems and applications within the network, which slows down and confuses attackers by making it difficult for them to gain access to real devices. This paper presents a groundbreaking approach to honeypot management within cybersecurity, utilizing virtual clusters and a microservice architecture to significantly improve the effectiveness of threat detection. To conduct our research, we initially surveyed the internet to pinpoint container and container management systems operating on standard ports that might be susceptible to attacks. Monitoring the instrumented approach generated a massive dataset, enabling researchers to make significant inferences about the behavior and goals of malevolent users.
We advocate for the implementation of honeypots on lightweight distribution orchestration tools installed on Ubuntu servers, situated behind a meticulously crafted gateway and operating on standard port configurations. Based on the scan results, we recommend deploying honeypot orchestration on streamlined distributions for easier deployment and management. By deploying honeypots on lightweight operating systems, you can optimize resource usage and improve performance while maintaining essential capabilities. These capabilities include monitoring attack patterns on vulnerable systems and analyzing the security measures implemented by those responsible for managing exposed systems.

Published

2025-02-01

How to Cite

Tulashvili, Y., & Kosheliuk, V. (2025). Orchestrating honeypot deployment in lightweight container platforms to improve security. International Science Journal of Engineering & Agriculture, 4(1), 1–13. https://doi.org/10.46299/j.isjea.20250401.01
