This paper proposes a new framework for the development and deployment of honeypots for evolving malware threats. As new technological concepts appear and evolve, attack surfaces are exploited. Internet of things significantly increases the attack surface available to malware developers. Previously independent devices are becoming accessible through new hardware and software attack vectors, and the existing taxonomies governing the development and deployment of honeypots are inadequate for evolving malicious programs and their variants. Malware‐propagation and compromise methods are highly automated and repetitious. These automated and repetitive characteristics can be exploited by using embedded reinforcement learning within a honeypot. A honeypot for automated and repetitive malware (HARM) can be adaptive so that the best responses may be learnt during its interaction with attack sequences. HARM deployments can be agile through periodic policy evaluation to optimize redeployment. The necessary enhancements for adaptive, agile honeypots require a new development and deployment framework.

中文翻译：

---

自适应和敏捷蜜罐的新框架

本文提出了用于开发和部署蜜罐的新框架，以应对不断发展的恶意软件威胁。随着新技术概念的出现和发展，攻击面得到了利用。物联网极大地增加了恶意软件开发人员可以利用的攻击面。以前可以通过新的硬件和软件攻击媒介来访问独立的设备，并且控制蜜罐开发和部署的现有分类法不足以发展恶意程序及其变体。恶意软件的传播和危害方法是高度自动化且重复的。通过在蜜罐中使用嵌入式强化学习，可以利用这些自动化和重复的特性。自动重复性恶意软件（HARM）的蜜罐可以是自适应的，以便在与攻击序列进行交互时可以获悉最佳响应。通过定期进行策略评估以优化重新部署，HARM部署可以变得敏捷。自适应敏捷蜜罐的必要增强需要一个新的开发和部署框架。