To What Extent Are Honeypots and Honeynets Autonomic Computing Systems?

TL;DR

This paper examines the integration of autonomic computing principles into honeypots and honeynets, revealing partial adoption and highlighting areas for future technical development and implementation in cybersecurity deception systems.

Contribution

It provides an analysis of literature to assess the extent of autonomic computing principles in honeypot and honeynet research, identifying gaps and suggesting directions for future work.

Findings

Autonomic keywords are present in the literature, indicating an evolution.

Low frequencies of self-configuration, self-healing, and self-protection are observed.

Self-optimization is prominently featured in the literature.

Abstract

Cyber threats, such as advanced persistent threats (APTs), ransomware, and zero-day exploits, are rapidly evolving and demand improved security measures. Honeypots and honeynets, as deceptive systems, offer valuable insights into attacker behavior, helping researchers and practitioners develop innovative defense strategies and enhance detection mechanisms. However, their deployment involves significant maintenance and overhead expenses. At the same time, the complexity of modern computing has prompted the rise of autonomic computing, aiming for systems that can operate without human intervention. Recent honeypot and honeynet research claims to incorporate autonomic computing principles, often using terms like adaptive, dynamic, intelligent, and learning. This study investigates such claims by measuring the extent to which autonomic principles principles are expressed in honeypot and honeynet literature. The findings reveal that autonomic computing keywords are present in the literature sample, suggesting an evolution from self-adaptation to autonomic computing implementations. Yet, despite these findings, the analysis also shows low frequencies of self-configuration, self-healing, and self-protection keywords. Interestingly, self-optimization appeared prominently in the literature. While this study presents a foundation for the convergence of autonomic computing and deceptive systems, future research could explore technical implementations in sample articles and test them for autonomic behavior. Additionally, investigations into the design and implementation of individual autonomic computing principles in honeypots and determining the necessary ratio of these principles for a system to exhibit autonomic behavior could provide valuable insights for both researchers and practitioners.