Early Warning System for IT Security Using Virtualized Honeypots in Corporate Networks

Abstract

This research addresses the problem: How to reduce the detection time of cybersecurity incidents in the network infrastructure at Lavaseco Universal Ltda. through the use of cybersecurity decoys made with virtualized honeypots? The general objective is: To design an early warning cybersecurity solution using virtualized honeypots to reduce the detection time of cybersecurity incidents in the network infrastructure in the aforementioned context.

Based on the systematization carried out by various authors in the specialized literature, the concepts of honeypots, honeynets, and cybersecurity in the network infrastructure are addressed. Various aspects are analyzed, such as classification, advantages and disadvantages of their implementation, attacks and vulnerabilities, virtualization, cybersecurity tools, and others. By applying the research instrument, an interview questionnaire to the IT department and company management, the current state of cybersecurity in the network infrastructure is diagnosed, identifying the main problems in the context. From the analysis of influence and dependency among these, applying the Vester Matrix, they are classified to address them with the proposal.

Using a systems approach, an early warning cybersecurity solution using virtualized Honeypots is structured in four phases: analysis, design, implementation, and testing, each with its own description for execution. Based on a pre-experimental process, the proposal is validated. Hypothesis testing and the application of the Welch t-test confirm a reduction in the detection time of cybersecurity incidents in the network infrastructure. This significantly improves cybersecurity levels, thus validating the effectiveness of Honeypots as early warning tools in the network infrastructure.