SMASH: An SDN-MTD framework for efficient honeypot deployment and insider threat mitigation / D'Ambrosio, N.; Lista, C.; Perrone, G.; Romano, S. P.. - In: COMPUTER NETWORKS. - ISSN 1389-1286. - 269:(2025). [10.1016/j.comnet.2025.111327]

SMASH: An SDN-MTD framework for efficient honeypot deployment and insider threat mitigation

d'Ambrosio N.; Perrone G.; Romano S. P.
2025

Abstract

Conventional cybersecurity tools, such as firewalls and Intrusion Prevention Systems, have been widely employed to protect against digital threats. However, these approaches reveal their inherent limitations as the complexity and sophistication of cyberattacks increase. Consequently, there is a growing demand for more proactive and adaptive cyber-defense strategies. Deception-based techniques, such as Moving Target Defense (MTD) and honeypots, have emerged as powerful approaches to enhance security by confusing and misleading attackers. Despite their potential, deploying these solutions in large-scale network infrastructures poses significant challenges. Manual configuration of honeypots is time-consuming, resource-intensive, and difficult to scale. Moreover, it is mandatory to ensure that honeypots do not become a pivot for attackers to penetrate the enterprise network infrastructure further. To address these issues, we propose “Sdn-Mtd Automated System with Honeypot integration” (SMASH), a framework that leverages Software Defined Networking (SDN) principles in conjunction with MTD and decoy techniques. Following a Design Science approach, we designed, implemented, and evaluated SMASH to overcome these deployment and management challenges. SMASH not only makes it more difficult for attackers to target the production network infrastructure, but also provides valuable real-time threat intelligence by observing attacker behavior. When an intrusion attempt is detected, MTD techniques redirect the attacker to an isolated subnet dedicated to threat monitoring, preventing access to sensitive systems and data. Furthermore, SMASH introduces a flexible and scalable management system that allows automatic deployment, setup, and real-time monitoring of honeypots. This dynamic adaptability allows organizations to scale their defenses in response to evolving threats, significantly enhancing the security posture of real-world enterprise environments.
Files in this item:
File: 1-s2.0-S1389128625002944-main.pdf
Access: open access
Type: Publisher's version (PDF)
License: Creative Commons
Size: 4.58 MB
Format: Adobe PDF


Use this identifier to cite or link to this document: https://hdl.handle.net/11588/1050016