Threat Modeling for Honeypot Deployment
Penulis:Â Silaen, Kalpin Erlangga;Â Gaol, Ford Lumban;Â Supangkat, Suhono Harso;Â Ranti, Benny
Informasi
JurnalProceeding - IEEE 10th Information Technology International Seminar, ITIS 2024
PenerbitInstitute of Electrical and Electronics Engineers Inc.
Halaman57 - 61
Tahun Publikasi2024
ISBN979-833152129-5
Jenis SumberScopus
Abstrak
The increasing complexity of cyber attacks, including 0-day vulnerabilities and APTs, has rendered traditional defenses like firewalls and IDS/IPS insufficient. Honeypots have been proposed as a solution to detect and analyze new attack types by simulating vulnerable systems and capturing malicious activities. However, the deployment of honeypots introduces unique risks, necessitating a comprehensive threat modeling approach to mitigate potential drawbacks. This paper explores the intersection of threat modeling and honeypot deployment, identifying threats, and proposing effective mitigation strategies. We applied a threat model adapted from a simplified PASTA framework based on risk-centric and proposed mitigation plans such as network segmentation, outbound traffic filtering, resource monitoring, and regular updates. Additionally, we discussed alternative honeypot deployments outside the organization's internal network to avoid arising risks. We found that deploying high-interaction honeypots carries high risks due to a broader attack flow. The novelty of this study lies in adapting the attack-flow approach for honeypot threat modeling, providing a structured method to analyze and mitigate honeypot-specific threats. Future research directions include conducting long-term studies and detailed case studies to further optimize the interaction between honeypot deployments and threat modeling for enhanced security outcomes. © 2024 IEEE.
Dokumen & Tautan
