Adaptive Containerized Honeypots Using Docker for Enhanced Network Defense
摘要
In modern cyber threat environments, static honeypots are increasingly ineffective against adversaries using automated tools such as Nmap and Shodan. This paper introduces the Dynamic Dockerized Deception System (DDDS), an adaptive deception framework that deploys lightweight Docker containers simulating common network services—SSH, HTTP, FTP, Telnet, and SMTP. These services are launched on randomized ports and rotated periodically to prevent fingerprinting and sustained targeting. Inbound traffic is captured using tcpdump, and a Python-based parser generates service-wise behavioral summaries from the resulting PCAP logs. The entire deployment is managed via a shell script that periodically reinitializes honeypots, ensuring variability and resilience. By combining container isolation with dynamic service orchestration, DDDS provides a scalable and stealthy platform for threat engagement. It is designed to support academic research, enterprise monitoring, and cyber defense training scenarios, offering a practical alternative to traditional, static honeypot deployments.