Performance analysis of honeypot with Petri nets

Abstract

As one of the active defense technologies, the honeypot deceives the latent intruders to interact with the imitated systems or networks deployed with security mechanisms. Its modeling and performance analysis have not been well studied. In this paper, we propose a honeypot performance evaluation scheme based on Stochastic Petri Nets (SPN). We firstly set up performance evaluation models for three types of defense scenarios (i.e., firewall; firewall and Intrusion Detection System (IDS); firewall, IDS and honeypot) based on SPN. We then theoretically analyze the SPN models by constructing Markov Chains (MC), which are isomorphic to the models. With the steady state probabilities based on the MC, the system performance evaluation is done with theoretical inference. Finally, we implement the proposed three SPN models on the PIPE platform. Five parameters are applied to compare and evaluate the performance of the proposed SPN models. The analysis of the probability and delay of three scenarios shows that the simulation results validate the effectiveness in security enhancement of the honeypot under the SPN models.