Honeypots are designed to trap attackers in order to investigate their malicious behavior. Owing to the increasing variety and sophistication of cyber attacks, capturing high-quality attack data has become a challenge in the honeypot field. All-round honeypots, meaning honeypots with significant improvements in sensibility, countermeasure and stealth, are necessary to tackle the problem. In this paper, we propose a novel honeypot architecture termed HoneyDOC to support all-round honeypot design and implementation. The HoneyDOC architecture clearly identifies three essential modules that are independent yet collaborative: Decoy, Captor and Orchestrator. Based on this efficient architecture, a Software-Defined Networking (SDN) enabled honeypot system is designed, which supplies the high programmability needed to technically sustain the features for capturing high-quality data. A proof-of-concept system is implemented to validate its feasibility and effectiveness. The experimental results show the benefits of the proposed architecture compared with previous honeypot solutions.