Master's Thesis

Honeypots in Active Defense: A Tactical Approach to Cyber Threat Intelligence and Deception

Diogo Fontinha Braz, 2024

Key information

Authors:

Diogo Fontinha Braz

Supervisors:

Pedro Miguel dos Santos Alves Madeira Adão; Fernando Mira da Silva (Fernando Henrique Côrte-Real Mira da Silva)

Published in

11/12/2024

Abstract

As cyber threats continue to evolve, understanding how attackers operate and identifying their tactics are essential for enhancing security mechanisms. Honeypots, designed to simulate vulnerable systems and attract attackers, provide valuable insights into malicious activities. However, many publicly available honeypots are easily detectable, reducing their effectiveness. To address these issues, this thesis introduces the development of a web-based honeypot designed with several key objectives: ease of deployment with minimal configuration, maximized attack data collection, safeguards to prevent becoming an attack vector, minimal maintenance requirements, and adherence to ethical and legal standards. The proposed honeypot stands out due to its ease of scalability, adaptability to changing traffic patterns, and ability to capture extensive attack data while maintaining operational security. The honeypot is designed to remain lightweight yet robust, with built-in mechanisms to prevent detection and reduce the risk of misuse by attackers. Additionally, its modular architecture facilitates seamless integration with various network environments, offering flexibility and resilience in monitoring and analyzing malicious activities. Following its development, the honeypot was deployed and made publicly accessible for one month. During this period, it recorded 9,179 malicious requests from 806 unique IP addresses. The data collected provided valuable insights into the objectives and methodologies of attackers. Upon evaluation, the honeypot successfully achieved all predefined objectives, demonstrating its effectiveness and contribution to the field.

Publication details

Fields of Science and Technology (FOS)

Electrical engineering, electronic engineering, information engineering

Publication language (ISO code)

eng - English

Rights type:

Embargoed access

Date available:

09/11/2025

Institution name

Instituto Superior Técnico