DocumentCode
260844
Title
Dynamic & hybrid honeypot model for scalable network monitoring
Author
Chawda, Kartik ; Patel, Ankit D.
Author_Institution
Comput. Sci. & Eng. Dept., Paral Inst. of Eng. & Technol., Vadodara, India
fYear
2014
fDate
27-28 Feb. 2014
Firstpage
1
Lastpage
5
Abstract
An advanced technology in the area of intrusion detection is honeypot technology, which, unlike common IDSs, tends to provide the attacker with all the necessary resources needed for a successful attack. Honeypots provide a platform for studying the methods and tools used by intruders, thus deriving their value from the unauthorized use of their resources. To provide scalable, early warning and analysis of new Internet threats like worms or automated attacks, we propose a globally distributed, hybrid monitoring model that can capture and analyze new vulnerabilities and exploits as they occur. To achieve this, our model increases the exposure of high-interaction honeypots to these threats by employing low-interaction honeypots as frontend content filters. Host-based techniques capture relevant details such as the packet payload of attacks, while network monitoring provides wide coverage for quick detection and assessment. To reduce the load on the backends, we filter prevalent content at the network frontends and use a novel handoff mechanism to enable interactions between network and host components.
Keywords
computer network performance evaluation; computer network security; IDS; Internet threats; attack packet payload; backend load reduction; dynamic-and-hybrid honeypot model; early-warning analysis; frontend content filters; globally distributed hybrid monitoring model; handoff mechanism; high-interaction honeypots; host components; host-based techniques; intrusion detection; low-interaction honeypots; network components; network frontends; prevalent content filter; scalable analysis; scalable network monitoring; unauthorized resource use; Educational institutions; Fingerprint recognition; IP networks; Intrusion detection; Monitoring; Operating systems; Servers; Honeypot; IDS; Intrusion Detection;
fLanguage
English
Publisher
IEEE
Conference_Titel
Information Communication and Embedded Systems (ICICES), 2014 International Conference on
Conference_Location
Chennai
Print_ISBN
978-1-4799-3835-3
Type
conf
DOI
10.1109/ICICES.2014.7033844
Filename
7033844