The increasing complexity of cyber attacks, especially brute-force and SQL injection attacks, poses a significant risk to production environments. Conventional reactive security measures rarely yield sufficient insight into attacker behavior. This study designs and evaluates a "Two-Tier Deception Architecture" intended to improve early-warning capability without compromising the integrity of the production system. The architecture physically and logically separates the production environment (Tier 1) from a deception-based laboratory environment (Tier 2). Using Fail2Ban in combination with NFTables, the system transparently redirects traffic from detected malicious actors to the separate environment hosting the Cowrie (SSH) and DVWA (web application) honeypots, so the attacker keeps interacting with what appears to be the original target. All security logs are collected and analyzed in a centralized ELK Stack SIEM. Evaluation on a curated dataset of 100 samples (60 legitimate and 40 malicious activities) achieved a detection and redirection accuracy of 95%. The system imposes minimal resource overhead on the production server while yielding precise threat intelligence. The results show that adding a deception tier to standard infrastructure substantially strengthens proactive defense and incident-response effectiveness.
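As an added illustration of the detect-then-redirect mechanism the abstract describes (this is example code written for this page, not the authors' implementation), the following Python applies Fail2Ban's sshd-jail rule (maxretry failures within findtime seconds) and a simple SQL injection filter to constructed sshd and Apache log lines, then builds the nft commands a Fail2Ban actionban would run to DNAT the flagged source to the Tier 2 honeypots instead of dropping it. The honeypot address 10.10.0.10, the port mapping (22 to Cowrie's default 2222, 80 to DVWA) and the log samples are assumptions, not values from the paper; the commands are only generated, not executed, so the script runs without root or nftables.

```python
"""Fail2Ban-style detection over constructed log lines, emitting nftables DNAT
rules that steer a flagged source to Tier 2 honeypots (Cowrie, DVWA)."""
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import unquote

# Assumed Tier 2 addressing (not from the paper): one honeypot host,
# Cowrie listening on its default 2222, DVWA on 80.
HONEYPOT_IP = "10.10.0.10"
PORT_MAP = {22: 2222, 80: 80}  # production port -> honeypot port

SSH_FAIL = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for .* from (\d+\.\d+\.\d+\.\d+)")
HTTP_REQ = re.compile(r'^(\d+\.\d+\.\d+\.\d+) .*?"(?:GET|POST) (\S+)')
# Deliberately narrow SQLi patterns: quote-or-digit tautologies, UNION SELECT,
# time-based sleep(), comment terminators and stacked DROP statements.
SQLI = re.compile(r"""(?i)(['"]\s*(?:or|and)\s*['"]?\d|union\s+select|sleep\s*\(|--\s|;\s*drop\b)""")

# Constructed sample logs (not real traffic): one SSH brute forcer, one user
# who mistyped a password twice, one SQLi probe, one normal visitor.
AUTH_LOG = [
    "Jan 10 12:00:01 web1 sshd[1201]: Failed password for root from 203.0.113.5 port 51234 ssh2",
    "Jan 10 12:00:02 web1 sshd[1202]: Failed password for alice from 198.51.100.4 port 40001 ssh2",
    "Jan 10 12:00:03 web1 sshd[1203]: Failed password for invalid user admin from 203.0.113.5 port 51235 ssh2",
    "Jan 10 12:00:05 web1 sshd[1204]: Failed password for root from 203.0.113.5 port 51236 ssh2",
    "Jan 10 12:00:07 web1 sshd[1205]: Failed password for root from 203.0.113.5 port 51237 ssh2",
    "Jan 10 12:00:09 web1 sshd[1206]: Failed password for root from 203.0.113.5 port 51238 ssh2",
    "Jan 10 12:00:30 web1 sshd[1207]: Failed password for alice from 198.51.100.4 port 40002 ssh2",
    "Jan 10 12:00:41 web1 sshd[1208]: Accepted publickey for alice from 198.51.100.4 port 40003 ssh2",
]
ACCESS_LOG = [
    '203.0.113.7 - - [10/Jan/2026:12:00:05 +0000] "GET /vulnerabilities/sqli/?id=1%27%20OR%20%271%27%3D%271&Submit=Submit HTTP/1.1" 200 4321',
    '198.51.100.9 - - [10/Jan/2026:12:00:06 +0000] "GET /vulnerabilities/sqli/?id=2&Submit=Submit HTTP/1.1" 200 4300',
    '198.51.100.9 - - [10/Jan/2026:12:00:08 +0000] "GET /search?q=cats%20and%20dogs HTTP/1.1" 200 1100',
]


def brute_force_sources(auth_lines, maxretry=5, findtime=600):
    """IPs with at least maxretry SSH failures inside any findtime-second window
    (the rule Fail2Ban's sshd jail applies with its default settings)."""
    failures = defaultdict(list)
    for line in auth_lines:
        m = SSH_FAIL.match(line)
        if m:
            failures[m.group(2)].append(datetime.strptime(m.group(1), "%b %d %H:%M:%S"))
    flagged = set()
    for ip, stamps in failures.items():
        stamps.sort()
        for i in range(maxretry - 1, len(stamps)):
            if (stamps[i] - stamps[i - maxretry + 1]).total_seconds() <= findtime:
                flagged.add(ip)
                break
    return flagged


def sqli_sources(access_lines):
    """IPs whose URL-decoded request line matches the SQLi patterns above."""
    flagged = set()
    for line in access_lines:
        m = HTTP_REQ.match(line)
        if m and SQLI.search(unquote(m.group(2))):
            flagged.add(m.group(1))
    return flagged


def nft_redirect_commands(ip, honeypot_ip=HONEYPOT_IP, port_map=PORT_MAP):
    """The nft commands an actionban would run: DNAT the attacker's traffic for
    each production port to the honeypot, so the connection still completes."""
    cmds = ["nft add table ip nat",
            "nft add chain ip nat prerouting '{ type nat hook prerouting priority -100; }'"]
    for dport, hp_port in sorted(port_map.items()):
        cmds.append(f"nft add rule ip nat prerouting ip saddr {ip} tcp dport {dport} "
                    f"dnat to {honeypot_ip}:{hp_port}")
    return cmds


def redirect_plan(auth_lines, access_lines):
    """Map every flagged source to the commands that divert it to Tier 2."""
    attackers = brute_force_sources(auth_lines) | sqli_sources(access_lines)
    return {ip: nft_redirect_commands(ip) for ip in sorted(attackers)}


if __name__ == "__main__":
    for ip, cmds in redirect_plan(AUTH_LOG, ACCESS_LOG).items():
        print(f"# {ip}")
        print("\n".join(cmds))
```

Note that the unban path is not shown: a matching `nft delete rule` (by handle) is needed when the ban expires, and the mistyping user 198.51.100.4 is only caught if maxretry is lowered to 2, which is the false-positive trade-off the findtime/maxretry pair controls.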
Copyright © 2026