ANALYSIS OF THE EFFECTIVENESS VALUE OF IMPLEMENTING THE TWO-TIER DECEPTION-DRIVEN SECURITY MODEL IN CYBER SECURITY SYSTEMS
DOI:
https://doi.org/10.31539/h9n89079
Abstract
The increasing complexity of cyber attacks, especially Brute Force and SQL Injection, poses a significant risk to production environments. Conventional reactive security measures are often unable to provide sufficient understanding regarding the behavior of attackers. This study designs and analyzes a "Two-Tier Deception Architecture" aimed at improving early warning capabilities without sacrificing the integrity of the production system. This architecture physically and logically separates the production environment as Tier 1 and the deception-based laboratory environment as Tier 2. By utilizing a combination of Fail2Ban and NFTables, the system stealthily redirects traffic from detected malicious actors to a separate environment hosting the Cowrie and DVWA honeypots. All security logs are collected and analyzed using a centralized ELK Stack SIEM. Evaluation using a curated dataset of 100 samples (consisting of 60 legitimate activities and 40 malicious activities) achieved a detection and redirection accuracy of 95%. The system demonstrates minimal resource usage on the production server while providing precise threat intelligence. This research shows that the inclusion of a deception tier within standard infrastructure substantially strengthens proactive defense and incident response effectiveness.
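How the Tier 1 detection step described in the abstract could feed the redirect, as an added example and not the authors' implementation: failed SSH logins are counted per source in a sliding window, in the style of Fail2Ban's maxretry/findtime, and flagged sources are added to an nftables set that a DNAT rule matches. The set name, honeypot address, thresholds and log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds, in the style of Fail2Ban's maxretry/findtime settings.
MAX_RETRY, FIND_TIME = 3, timedelta(minutes=10)
# Hypothetical nftables set; Tier 1's NAT prerouting chain would hold a rule such as
#   ip saddr @tier2_redirect tcp dport 22 dnat to 10.0.2.10:2222   (constructed address)
NFT_SET = "ip nat tier2_redirect"

FAILED = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: Failed password for (?:invalid user )?\S+ "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

# Constructed sample log lines (ISO timestamps, documentation address ranges).
SAMPLE_LOG = """\
2026-01-10T08:00:01 tier1 sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
2026-01-10T08:00:03 tier1 sshd[811]: Failed password for root from 203.0.113.7 port 40113 ssh2
2026-01-10T08:00:05 tier1 sshd[812]: Failed password for alice from 198.51.100.20 port 51000 ssh2
2026-01-10T08:00:06 tier1 sshd[811]: Failed password for root from 203.0.113.7 port 40114 ssh2
2026-01-10T08:30:00 tier1 sshd[813]: Failed password for bob from 192.0.2.44 port 60001 ssh2
2026-01-10T08:45:00 tier1 sshd[813]: Failed password for bob from 192.0.2.44 port 60002 ssh2
2026-01-10T09:00:00 tier1 sshd[813]: Failed password for bob from 192.0.2.44 port 60003 ssh2
"""

def sources_to_redirect(log_text, max_retry=MAX_RETRY, find_time=FIND_TIME):
    """Return source IPs with max_retry failures inside a sliding find_time window."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    flagged = []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        ts, ip = datetime.fromisoformat(m["ts"]), m["ip"]
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > find_time:   # drop failures older than the window
            window.popleft()
        if len(window) >= max_retry and ip not in flagged:
            flagged.append(ip)
    return flagged

def nft_commands(ips, timeout="1h"):
    """Build the commands a ban action would run to add sources to the redirect set."""
    return [f"nft add element {NFT_SET} {{ {ip} timeout {timeout} }}" for ip in ips]

if __name__ == "__main__":
    print("\n".join(nft_commands(sources_to_redirect(SAMPLE_LOG))))
```

Only 203.0.113.7 is redirected: the single mistyped password from 198.51.100.20 and the three failures from 192.0.2.44 spaced 15 minutes apart stay under the threshold, which is the kind of boundary a legitimate-versus-malicious evaluation set has to exercise.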
License
Copyright (c) 2026 Sahrul Ramadhan, Agung Budi Sutanto, Arya Adhyaksa Waskita

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.

