{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,31]],"date-time":"2026-03-31T15:02:54Z","timestamp":1774969374056,"version":"3.50.1"},"reference-count":17,"publisher":"MDPI AG","issue":"4","license":[{"start":{"date-parts":[[2023,3,28]],"date-time":"2023-03-28T00:00:00Z","timestamp":1679961600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62002028"],"award-info":[{"award-number":["62002028"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Research Innovation Fund for College Students of Beijing University of Posts and Telecommunications","award":["62002028"],"award-info":[{"award-number":["62002028"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Future Internet"],"abstract":"<jats:p>In this paper, considering the problem that the common defensive means in the current cyber confrontation often fall into disadvantage, honeypot technology is adopted to turn reactive into proactive to deal with the increasingly serious cyberspace security problem. We address the issue of common defensive measures in current cyber confrontations that frequently lead to disadvantages. To tackle the progressively severe cyberspace security problem, we propose the adoption of honeypot technology to shift from a reactive to a proactive approach. This system uses honeypot technology for active defense, tempting attackers into a predetermined sandbox to observe the attacker\u2019s behavior and attack methods to better protect equipment and information security. During the research, it was found that due to the singularity of traditional honeypots and the limitations of low-interactivity honeypots, the application of honeypot technology has difficulty in achieving the desired protective effect. Therefore, the system adopts a highly interactive honeypot and a modular design idea to distinguish the honeypot environment from the central node of data processing, so that the honeypot can obtain more sufficient information and the honeypot technology can be used more easily. By managing honeypots at the central node, i.e., adding, deleting, and modifying honeypots and other operations, it is easy to maintain and upgrade the system, while reducing the difficulty of using honeypots. The high-interactivity honeypot technology not only attracts attackers into pre-set sandboxes to observe their behavior and attack methods, but also performs a variety of advanced functions, such as network threat analysis, virtualization, vulnerability perception, tracing reinforcement, and camouflage detection. We have conducted a large number of experimental comparisons and proven that our method has significant advantages compared to traditional honeypot technology and provides detailed data support. Our research provides new ideas and effective methods for network security protection.<\/jats:p>","DOI":"10.3390\/fi15040127","type":"journal-article","created":{"date-parts":[[2023,3,28]],"date-time":"2023-03-28T04:37:15Z","timestamp":1679978235000},"page":"127","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":26,"title":["A Highly Interactive Honeypot-Based Approach to Network Threat Management"],"prefix":"10.3390","volume":"15","author":[{"given":"Xingyuan","family":"Yang","sequence":"first","affiliation":[{"name":"School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing 102206, China"},{"name":"Key Laboratory of Trustworthy Distributed Computing and Service (BUPT), Ministry of Education, Beijing 100876, China"}]},{"given":"Jie","family":"Yuan","sequence":"additional","affiliation":[{"name":"School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing 102206, China"},{"name":"Key Laboratory of Trustworthy Distributed Computing and Service (BUPT), Ministry of Education, Beijing 100876, China"}]},{"given":"Hao","family":"Yang","sequence":"additional","affiliation":[{"name":"School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing 102206, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-4572-9412","authenticated-orcid":false,"given":"Ya","family":"Kong","sequence":"additional","affiliation":[{"name":"School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing 102206, China"}]},{"given":"Hao","family":"Zhang","sequence":"additional","affiliation":[{"name":"School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing 102206, China"}]},{"given":"Jinyu","family":"Zhao","sequence":"additional","affiliation":[{"name":"School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing 102206, China"}]}],"member":"1968","published-online":{"date-parts":[[2023,3,28]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"2351","DOI":"10.1109\/COMST.2021.3106669","article-title":"A survey of honeypots and honeynets for internet of things, industrial internet of things, and cyber-physical systems","volume":"23","author":"Franco","year":"2021","journal-title":"IEEE Commun. Surv. Tutorials"},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Mairh, A., Barik, D., Verma, K., and Jena, D. (2011, January 12\u201314). Honeypot in network security: A survey. Proceedings of the 2011 International Conference on Communication, Computing & Security (ICCCS \u201911), Rourkela, Odisha, India.","DOI":"10.1145\/1947940.1948065"},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Ferretti, P., Pogliani, M., and Zanero, S. (2019, January 11). Characterizing Background Noise in ICS Traffic Through a Set of Low Interaction Honeypots. Proceedings of the ACM Workshop on Cyber-Physical Systems Security & Privacy (CPS-SPC\u201919), London, UK.","DOI":"10.1145\/3338499.3357361"},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Amine, D.M., Youcef, D., and Kadda, M. (2019, January 12\u201315). IDS-DL: A description language for detection system in cloud computing. Proceedings of the 12th International Conference on Security of Information and Networks (SIN \u201919), Sochi, Russia.","DOI":"10.1145\/3357613.3357626"},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Antonatos, S., Anagnostakis, K., and Markatos, E. (2007, January 2). Honey@home: A new approach to large-scale threat monitoring. Proceedings of the 2007 ACM workshop on Recurring malcode (WORM \u201907), Alexandria, VA, USA.","DOI":"10.1145\/1314389.1314398"},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Dhiren, M., Joshi, H., and Patel, B.K. (2012, January 17\u201319). Towards application classification with vulnerability signatures for IDS\/IPS. Proceedings of the First International Conference on Security of Internet of Things (SecurIT \u201912), Kollam, India.","DOI":"10.1145\/2490428.2490459"},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Chakrabarti, S., Chakraborty, M., and Mukhopadhyay, I. (2010, January 26\u201327). Study of snort-based IDS. Proceedings of the International Conference and Workshop on Emerging Trends in Technology (ICWET \u201910), Mumbai, Maharashtra, India.","DOI":"10.1145\/1741906.1741914"},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Olufowobi, H., Hounsinou, S., and Bloom, G. (2019, January 11). Controller Area Network Intrusion Prevention System Leveraging Fault Recovery. Proceedings of the ACM Workshop on Cyber-Physical Systems Security & Privacy (CPS-SPC\u201919), London, UK.","DOI":"10.1145\/3338499.3357360"},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Wei, H., Hassanshahi, B., Bai, G., Krishnan, P., and Vorobyov, K. (2021, January 11\u201317). MoScan: A model-based vulnerability scanner for web single sign-on services. Proceedings of the 30th ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2021), Online.","DOI":"10.1145\/3460319.3469081"},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Belqruch, A., and Maach, A. (2019, January 27\u201329). SCADA security using SSH honeypot. Proceedings of the 2nd International Conference on Networking, Information Systems & Security (NISS19), Rabat, Morocco.","DOI":"10.1145\/3320326.3320328"},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"117073","DOI":"10.1016\/j.eswa.2022.117073","article-title":"Honeyboost: Boosting honeypot performance with data fusion and anomaly detection","volume":"201","author":"Sevvandi","year":"2022","journal-title":"Expert Syst. Appl."},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Yang, F., Huang, Y., Zhao, Y., Li, J., Jiang, G., and Cheng, J. (2017, January 14\u201319). The Best of Both Worlds: Big Data Programming with Both Productivity and Performance. Proceedings of the 2017 ACM International Conference on Management of Data (SIGMOD \u201917), Chicago, IL, USA.","DOI":"10.1145\/3035918.3058735"},{"key":"ref_13","unstructured":"Guarnizo, J.D., Tambe, A., Bhunia, S.S., Ochoa, M., Tippenhauer, N.O., Shabtai, A., and Elovici, Y. (2017, January 2). SIPHON: Towards Scalable High-Interaction Physical Honeypots. Proceedings of the 3rd ACM Workshop on Cyber-Physical System Security (CPSS \u201917), Abu Dhabi, United Arab Emirates."},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"100664","DOI":"10.1016\/j.measen.2022.100664","article-title":"H-DOCTOR: Honeypot based firewall tuning for attack prevention","volume":"25","author":"Amal","year":"2023","journal-title":"Meas. Sens."},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"965","DOI":"10.4218\/etrij.2019-0155","article-title":"New framework for adaptive and agile honeypots","volume":"42","author":"Dowling","year":"2020","journal-title":"ETRI J."},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Bhosale, D.A., and Mane, V.M. (2015, January 29\u201331). Comparative study and analysis of network intrusion detection tools. Proceedings of the 2015 International Conference on Applied and Theoretical Computing and Communication Technology (iCATccT), Davangere, Karnataka, India.","DOI":"10.1109\/ICATCCT.2015.7456901"},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Bistarelli, S., Bosimini, E., and Santini, F. (2021, January 17\u201320). A Medium-Interaction Emulation and Monitoring System for Operational Technology. Proceedings of the 16th International Conference on Availability, Reliability and Security (ARES 21), Vienna, Austria.","DOI":"10.1145\/3465481.3470100"}],"container-title":["Future Internet"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1999-5903\/15\/4\/127\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T19:04:51Z","timestamp":1760123091000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1999-5903\/15\/4\/127"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,3,28]]},"references-count":17,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2023,4]]}},"alternative-id":["fi15040127"],"URL":"https:\/\/doi.org\/10.3390\/fi15040127","relation":{},"ISSN":["1999-5903"],"issn-type":[{"value":"1999-5903","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,3,28]]}}}