JECE Journal of Electrical and Computer Engineering 2090-0155 2090-0147 Hindawi Publishing Corporation 10.1155/2016/5212314 5212314 Research Article Strengthening MT6D Defenses with LXC-Based Honeypot Capabilities Basam Dileep dileepba@vt.edu Ransbottom J. Scot jransbot@vt.edu Marchany Randy marchany@vt.edu Tront Joseph G. jgtront@vt.edu Duarte Elias P. Bradley Department of Electrical and Computer Engineering Virginia Tech Blacksburg VA 24061 USA vt.edu 2016 20 4 2016 2016 05 11 2015 08 02 2016 06 03 2016 2016 Copyright © 2016 Dileep Basam et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Moving Target IPv6 Defense (MT6D) imparts radio-frequency hopping behavior to IPv6 networks by having participating nodes periodically hop onto new addresses while giving up old addresses. Our previous research efforts implemented a solution to identify and acquire these old addresses that are being discarded by MT6D hosts on a local network besides being able to monitor and visualize the incoming traffic on these addresses. This was essentially equivalent to forming a darknet out of the discarded MT6D addresses, but the solution presented in the previous research effort did not include database integration for it to scale and be extended. This paper presents a solution with a new architecture that not only extends the previous solution in terms of automation and database integration but also demonstrates the ability to deploy a honeypot on a virtual LXC (Linux Container) on-demand based on any interesting traffic pattern observed on a discarded address. The proposed architecture also allows an MT6D host to query the solution database for network activity on its relinquished addresses as a JavaScript Object Notation (JSON) object. This allows an MT6D host to identify suspicious activity on its discarded addresses and strengthen the MT6D scheme parameters accordingly. We have built a proof-of-concept for the proposed solution and analyzed the solution’s feasibility and scalability.