Authors:
Sereysethy Touch and Jean-Noël Colin
Affiliation:
InfoSec Research Group, NaDI Research Institute, University of Namur, Rue de Bruxelles 61, 5000 Namur, Belgium
Keyword(s):
Adaptive Honeypot, Multiple-objective Honeypot, Reinforcement Learning, Intelligent Honeypot.
Abstract:
Cybersecurity is of critical importance to all organisations on the Internet, with attackers exploiting any security loopholes to attack them. To combat cyber threats, a honeypot, a decoy system, has been an effective tool used since 1991 to deceive and lure attackers into revealing their attacks. However, these tools have become increasingly easy to detect, which diminishes their usefulness. Recently, adaptive honeypots, which can change their behaviour in response to attackers, have emerged; despite their promise, however, they still have some shortcomings of their own. In this paper we survey conventional and adaptive honeypots and discuss their limitations. We introduce an approach for adaptive honeypots that uses Q-learning, a reinforcement learning algorithm, to effectively achieve two objectives at the same time: (1) learn to engage with attackers to collect their attack tools and (2) guard against being compromised by combining state environment and action to form a new reward function.