An Efficient Multiplex Network Model for Effective Honeypot Roaming Against DDoS Attacks

Honeypot roaming represents an effective mechanism against distributed denial of service (DDoS) attacks at the cost of system resources. Currently, the roaming frequency is set randomly, which brings the question of how often honeypots need to roam to minimize the attack impacts while preserving limited system resources. To address this challenge, this paper proposes an effective Multiplex Network Model, called MNM. First, an innovative multiplex network model composed of a normal node layer and a honeypot node layer is constructed, providing a probabilistic description of dynamical functional interaction and achieving the state transition between the two layers. Then, a condition is defined to determine whether nodes can be continuously infected during the DDoS attacks. More importantly, an optimal roaming frequency is theoretically determined using optimization theory to optimize the related parameters. A series of experimental verifications was made in three different two-layer network topologies, and the results indicate that our proposals are effective in reducing attack impacts and lowering resource consumption compared to a series of random roaming frequencies. This study can provide significant guidance for roaming honeypot design.