HoneyKube: Designing and Deploying a Microservices-based Web Honeypot

Chakshu Gupta; Thijs van Ede; Andrea Continella

doi:10.1109/SPW59333.2023.00005

HoneyKube: Designing and Deploying a Microservices-based Web Honeypot

Chakshu Gupta, Thijs van Ede, Andrea Continella

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

9 Citations (Scopus)

128 Downloads (Pure)

Abstract

Over the past few years, we have witnessed a radical change in the architectures and infrastructures of web applications. Traditional monolithic systems are nowadays getting replaced by microservices-based architectures, which have become the natural choice for web application development due to portability, scalability, and ease of deployment. At the same time, due to its popularity, this architecture is now the target of specific cyberattacks. In the past, honeypots have been demonstrated to be valuable tools for collecting real-world attack data and understanding the methods that attackers adopt. However, to the best of our knowledge, there are no existing honeypots based on microservices architectures, which introduce new and different characteristics in the infrastructure. In this paper, we propose HoneyKube, a novel honeypot design that employs the microservices architecture for a web application. To address the challenges introduced by the highly dynamic nature of this architecture, we design an effective and scalable monitoring system that builds on top of the well-known Kubernetes orchestrator. We deploy our honeypot and collect approximately 850 GB of network and system data through our experiments. We also evaluate the fingerprintability of HoneyKube using a state-of-the-art reconnaissance tool. We will release our data and source code to facilitate more research in this field.

Original language	English
Title of host publication	Proceeding - 44th IEEE Symposium on Security and Privacy Workshops, SPW 2023
Place of Publication	Piscataway, NJ
Publisher	IEEE
Pages	1-11
Number of pages	11
ISBN (Electronic)	979-8-3503-1236-2
ISBN (Print)	979-8-3503-1237-9
DOIs	https://doi.org/10.1109/SPW59333.2023.00005
Publication status	Published - 2023
Event	44th IEEE Symposium on Security and Privacy Workshops, SPW 2023 - San Francisco, United States Duration: 22 May 2023 → 25 May 2023 Conference number: 44

Publication series

Name	Proceeding - IEEE Symposium on Security and Privacy Workshops (SPW)
Publisher	IEEE
Volume	2023
ISSN (Print)	2639-7862
ISSN (Electronic)	2770-8411

Conference

Conference	44th IEEE Symposium on Security and Privacy Workshops, SPW 2023
Abbreviated title	SPW
Country/Territory	United States
City	San Francisco
Period	22/05/23 → 25/05/23

Keywords

Honeypots
Kubernetes
Microservices
Web applications
Web security

Access to Document

10.1109/SPW59333.2023.00005

ArticleAccepted author version, 312 KB

Cite this

@inproceedings{68fd78854a584fc68c84847fa22d5eca,

title = "HoneyKube: Designing and Deploying a Microservices-based Web Honeypot",

abstract = "Over the past few years, we have witnessed a radical change in the architectures and infrastructures of web applications. Traditional monolithic systems are nowadays getting replaced by microservices-based architectures, which have become the natural choice for web application development due to portability, scalability, and ease of deployment. At the same time, due to its popularity, this architecture is now the target of specific cyberattacks. In the past, honeypots have been demonstrated to be valuable tools for collecting real-world attack data and understanding the methods that attackers adopt. However, to the best of our knowledge, there are no existing honeypots based on microservices architectures, which introduce new and different characteristics in the infrastructure. In this paper, we propose HoneyKube, a novel honeypot design that employs the microservices architecture for a web application. To address the challenges introduced by the highly dynamic nature of this architecture, we design an effective and scalable monitoring system that builds on top of the well-known Kubernetes orchestrator. We deploy our honeypot and collect approximately 850 GB of network and system data through our experiments. We also evaluate the fingerprintability of HoneyKube using a state-of-the-art reconnaissance tool. We will release our data and source code to facilitate more research in this field.",

keywords = "Honeypots, Kubernetes, Microservices, Web applications, Web security",

author = "Chakshu Gupta and Ede, {Thijs van} and Andrea Continella",

note = "Funding Information: We would like to thank our reviewers for their valuable comments. This work has been supported by the INTERSECT project, Grant No. NWA 1160.18.301, funded by Netherlands Organisation for Scientific Research (NWO). The findings reported herein are the sole responsibility of the authors. Publisher Copyright: {\textcopyright} 2023 IEEE.; 44th IEEE Symposium on Security and Privacy Workshops, SPW 2023, SPW ; Conference date: 22-05-2023 Through 25-05-2023",

year = "2023",

doi = "10.1109/SPW59333.2023.00005",

language = "English",

isbn = "979-8-3503-1237-9",

series = "Proceeding - IEEE Symposium on Security and Privacy Workshops (SPW)",

publisher = "IEEE",

pages = "1--11",

booktitle = "Proceeding - 44th IEEE Symposium on Security and Privacy Workshops, SPW 2023",

address = "United States",

}

Gupta, C , Ede, TV & Continella, A 2023, HoneyKube: Designing and Deploying a Microservices-based Web Honeypot. in Proceeding - 44th IEEE Symposium on Security and Privacy Workshops, SPW 2023. Proceeding - IEEE Symposium on Security and Privacy Workshops (SPW), vol. 2023, IEEE, Piscataway, NJ, pp. 1-11, 44th IEEE Symposium on Security and Privacy Workshops, SPW 2023, San Francisco, California, United States, 22/05/23. https://doi.org/10.1109/SPW59333.2023.00005

HoneyKube: Designing and Deploying a Microservices-based Web Honeypot. / Gupta, Chakshu ; Ede, Thijs van ; Continella, Andrea.
Proceeding - 44th IEEE Symposium on Security and Privacy Workshops, SPW 2023. Piscataway, NJ: IEEE, 2023. p. 1-11 (Proceeding - IEEE Symposium on Security and Privacy Workshops (SPW); Vol. 2023).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - HoneyKube

T2 - 44th IEEE Symposium on Security and Privacy Workshops, SPW 2023

AU - Gupta, Chakshu

AU - Ede, Thijs van

AU - Continella, Andrea

N1 - Conference code: 44

PY - 2023

Y1 - 2023

N2 - Over the past few years, we have witnessed a radical change in the architectures and infrastructures of web applications. Traditional monolithic systems are nowadays getting replaced by microservices-based architectures, which have become the natural choice for web application development due to portability, scalability, and ease of deployment. At the same time, due to its popularity, this architecture is now the target of specific cyberattacks. In the past, honeypots have been demonstrated to be valuable tools for collecting real-world attack data and understanding the methods that attackers adopt. However, to the best of our knowledge, there are no existing honeypots based on microservices architectures, which introduce new and different characteristics in the infrastructure. In this paper, we propose HoneyKube, a novel honeypot design that employs the microservices architecture for a web application. To address the challenges introduced by the highly dynamic nature of this architecture, we design an effective and scalable monitoring system that builds on top of the well-known Kubernetes orchestrator. We deploy our honeypot and collect approximately 850 GB of network and system data through our experiments. We also evaluate the fingerprintability of HoneyKube using a state-of-the-art reconnaissance tool. We will release our data and source code to facilitate more research in this field.

AB - Over the past few years, we have witnessed a radical change in the architectures and infrastructures of web applications. Traditional monolithic systems are nowadays getting replaced by microservices-based architectures, which have become the natural choice for web application development due to portability, scalability, and ease of deployment. At the same time, due to its popularity, this architecture is now the target of specific cyberattacks. In the past, honeypots have been demonstrated to be valuable tools for collecting real-world attack data and understanding the methods that attackers adopt. However, to the best of our knowledge, there are no existing honeypots based on microservices architectures, which introduce new and different characteristics in the infrastructure. In this paper, we propose HoneyKube, a novel honeypot design that employs the microservices architecture for a web application. To address the challenges introduced by the highly dynamic nature of this architecture, we design an effective and scalable monitoring system that builds on top of the well-known Kubernetes orchestrator. We deploy our honeypot and collect approximately 850 GB of network and system data through our experiments. We also evaluate the fingerprintability of HoneyKube using a state-of-the-art reconnaissance tool. We will release our data and source code to facilitate more research in this field.

KW - Honeypots

KW - Kubernetes

KW - Microservices

KW - Web applications

KW - Web security

UR - http://www.scopus.com/inward/record.url?scp=85168772535&partnerID=8YFLogxK

U2 - 10.1109/SPW59333.2023.00005

DO - 10.1109/SPW59333.2023.00005

M3 - Conference contribution

SN - 979-8-3503-1237-9

T3 - Proceeding - IEEE Symposium on Security and Privacy Workshops (SPW)

SP - 1

EP - 11

BT - Proceeding - 44th IEEE Symposium on Security and Privacy Workshops, SPW 2023

PB - IEEE

CY - Piscataway, NJ

Y2 - 22 May 2023 through 25 May 2023

ER -

HoneyKube: Designing and Deploying a Microservices-based Web Honeypot

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this