1. A honeypot collects only high-value data. Other security tools tend to produce gigabytes of data, leaving the user to find the critical data in an ocean of noise (Spitzner, Lance. Nov 03, 2010). A honeypot solves this problem by giving more accurate information in a clearer format. Besides, a honeypot observes the attack up close; therefore, the false negative and false positive rates of the collected data are much lower than those of other monitoring tools (Spitzner, Lance. Nov 03, 2010). Data collection is the honeypot's best weapon.
2. Most intrusion detection systems rely on signature matching to identify an attack, so they can detect known attacks only. A honeypot instead lures the attack and collects its signature. A honeypot combines the activity analyzer and the content capture mechanism to identify the attacker (Döring, Christian. July 01, 2005). Thus, …
Since a traditional incident response policy takes effect only after the incident has happened, detection is a big weakness of it. Some incident response policies choose Intrusion Detection Systems (IDS) as a solution designed for detection. However, an IDS may be overwhelmed by massive numbers of network events. Also, an IDS is not suitable for a system that uses a Wide Area Network (WAN). A honeypot is an active protection tool: every connection to the honeypot is suspect by nature. When a connection is created, the honeypot treats it as unauthorized activity (Riden, Jamie. Nov 07, 2006). The honeypot records the signature of this action, performs content analysis and monitors the action continually. In this way, honeypots provide strong detection while reducing false positives and false
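
The detection behaviour described above, as an added example that is not part of the original essay: a loopback-only decoy listener that treats every connection as unauthorized, records a digest of what was sent as a candidate signature, and notes whether a signature list would have recognised it. The names `KNOWN_SIGNATURES`, `DecoyHandler` and `run_demo`, the signature entry and the probe bytes are all constructed for illustration.

```python
import hashlib
import socket
import socketserver
import threading
import time

# Constructed stand-in for a signature-based IDS rule set (assumption).
KNOWN_SIGNATURES = [b"GET /admin.php"]
EVENTS = []  # every connection to the decoy is logged here


class DecoyHandler(socketserver.BaseRequestHandler):
    def handle(self):
        self.request.settimeout(2.0)
        try:
            data = self.request.recv(4096)  # capture the first bytes, never reply
        except socket.timeout:
            data = b""
        EVENTS.append({
            "time": time.time(),
            "peer": self.client_address[0],
            "unauthorized": True,  # no legitimate user has a reason to connect
            "known_signature": any(s in data for s in KNOWN_SIGNATURES),
            "sha256": hashlib.sha256(data).hexdigest(),  # candidate new signature
            "preview": data[:64].decode("ascii", "replace"),
        })


def run_demo(probe):
    """Start the decoy on a free loopback port, send one probe, return the log."""
    EVENTS.clear()
    with socketserver.TCPServer(("127.0.0.1", 0), DecoyHandler) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        with socket.create_connection(server.server_address, timeout=5) as c:
            c.sendall(probe)
            c.shutdown(socket.SHUT_WR)
            c.recv(1)  # returns b"" once the handler has finished and closed
        server.shutdown()
    return list(EVENTS)


if __name__ == "__main__":
    # Constructed probe that matches nothing in KNOWN_SIGNATURES.
    for event in run_demo(b"constructed probe unknown to the signature list\n"):
        print(event)
```

The probe is logged with `known_signature` set to `False` and still flagged as unauthorized, which is the case a signature-only detector would miss.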