ICIMP 2025, The Twentieth International Conference on Internet Monitoring and Protection


Hounterfeit: A Virtual Self-Defending Infrastructure with Transparent Relocation to Honeypots

Authors:
Mihai-Alexandru Bogatu
Adrian-Răzvan Deaconescu
Cătălin-Adrian Leordeanu

Keywords: SDN; CRIU; IPS; Honeypots.

Abstract:
Advanced Persistent Threats (APTs) represent the most sophisticated cyber-attacks, some of which reside in internal networks over an extended period of time. Intrusion Detection and Prevention Systems (IDS / IPS) strive to keep up with the newest attacks; however, they are often updated only after a 0-day impacts businesses. As APTs continue to evolve, we propose Hounterfeit, a self-defending infrastructure that deceives attackers into revealing their payloads on production-looking honeypot systems. The architecture uses Software-Defined Networking (SDN) alongside process migration through Checkpoint/Restore In Userspace (CRIU) to achieve a transparent relocation to a honeypot environment, with low network overhead, while also maintaining scalability. Once common attack indicators are detected, the malicious actor is transferred transparently, alongside its application and network session, to a replica of the server that masquerades sensitive data. The infrastructure can be used as a base to deceive attackers into exposing attack methods tailored for the real live systems.

Pages: 1 to 8

Copyright: Copyright (c) IARIA, 2025

Publication date: April 6, 2025

Published in: conference

ISSN: 2308-3980

ISBN: 978-1-68558-250-0

Location: Valencia, Spain

Dates: from April 6, 2025 to April 10, 2025