SlideShare a Scribd company logo

Detecting Intruders Using Honeypot Networks

I
ijtsrd

A honeypot is a widely used security control to capture and analyse malicious network traffic. The main goal of honeypot is to monitor and receive log data, which can later be used to prevent future attacks. It imitates the contact between emulated computer and attacker with the objective of acquiring sufficient data for effective analysis and potential prevention of attacks. A honeypot is used to detect intruders in many fields such as defence, Government sectors, enterprises, higher institutions, Banking sectors, Nuclear reactors and many more. There are two types of honeypots that are deployed for different uses research honeypots and production honeypots. Research honeypots are focused on gathering information about the attack, used specifically for the purpose of learning about hacking methodologies. Production honeypots, on the other hand, are focused primarily on diverting attacks from important systems. This work detects the type of the intruders, analyses their strategy and strength of the attack. The deployment of honeypot detects various kinds of attacks using different sensors. Server is deployed in the cloud environment and sensors can be deployed in either in cloud or in Raspberry pi or machine. Server displays the feeds from sensors which is placed over different locations. Live rendering of attacks is shown in the dashboard and honey map points the exact geographic locations using longitude and latitude values. These logs can be further used to analyses and take essential measures in defence perspectives. Anil Tom | Dr. M N Nachappa "A Study on Honeypots and Deceiving Attacker using Modern Honeypot Network" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-5 | Issue-1 , December 2020, URL: https://www.ijtsrd.com/papers/ijtsrd35900.pdf Paper URL : https://www.ijtsrd.com/computer-science/computer-security/35900/a-study-on-honeypots-and-deceiving-attacker-using-modern-honeypot-network/anil-tom

Education
1 of 6
Download to read offline
International Journal of Trend in Scientific Research and Development (IJTSRD) Volume 5 Issue 1, November-December 2020 Available Online: www.ijtsrd.com e-ISSN: 2456 – 6470 @ IJTSRD | Unique Paper ID – IJTSRD35900 | Volume – 5 | Issue – 1 | November-December 2020 Page 266 A Study on Honeypots and Deceiving Attacker using Modern Honeypot Network Anil Tom1, Dr. M N Nachappa2 1Master of Computer Application, 2Professor, 1,2Jain Deemed-to-be University, Bangalore, Karnataka, India ABSTRACT A honeypot is a widely used security control to capture and analyse malicious network traffic. The main goal of honeypot is to monitor and receive log data, which can later be used to prevent future attacks. It imitates the contact between emulated computer and attacker with the objective of acquiring sufficient data for effective analysis and potential prevention of attacks. A honeypot is used to detect intruders in many fields such as defence, Government sectors, enterprises, higherinstitutions,Bankingsectors,Nuclear reactors and many more. There are two types of honeypots that are deployed for different uses - research honeypots and production honeypots. Research honeypots are focused on gathering information about the attack, used specifically for the purpose of learning about hacking methodologies. Production honeypots, on the other hand, are focused primarily on diverting attacks from important systems. This work detects the type of the intruders, analyses their strategy and strengthoftheattack.Thedeploymentofhoneypot detects various kinds of attacks using different sensors. Server is deployed in the cloud environment and sensors can be deployed in either in cloud or in Raspberry pi or machine. Server displays the feeds from sensors which is placed over different locations. Live rendering of attacks is shown in the dashboard and honey map points the exact geographic locations using longitude and latitude values. These logs can be further used to analyses and take essential measures in defence perspectives. Keywords: Honeypot, Honeynet, Honeymap, Modern Honeypot Network How to cite this paper: Anil Tom | Dr. M N Nachappa "A Study on Honeypots and Deceiving Attacker using Modern Honeypot Network" Published in International Journal of Trend in Scientific Research and Development(ijtsrd), ISSN: 2456-6470, Volume-5 | Issue-1, December 2020, pp.266-271, URL: www.ijtsrd.com/papers/ijtsrd35900.pdf Copyright © 2020 by author(s) and International Journal ofTrendinScientific Research and Development Journal. This is an Open Access article distributed under the terms of the Creative CommonsAttribution License (CC BY 4.0) (http://creativecommons.org/licenses/by/4.0) 1. INTRODUCTION With an ever-increasing numberofmethodsandtacticsused to attack networks, the goal of securing a network must also continually expand in scope. While traditional methodssuch as Intrusion Detection System (IDS)/Intrusion Prevention Systems (IPS),Demilitarized zone(DMZ),penetrationtesting and various other tools can create a very secure network, it is best to assume vulnerabilities will always exist, and sooner or later, they will be exploited. Hence, there is a need to continuously find innovative ways of countering the threats, and one such way is to deploy honeypots on top of standard security mechanisms. If we've ever wonderedhow the good internet guys are going after the bad guys, one way is something that's called a honeypot. We see, in addition to the security measures we would expect,includingsecuringa computer network to keep cyber criminals out, the good guys use a honeypot to do just the opposite, attract the bad guys. In computer security terms, a cyber-honeypot works in a similar way, baiting a trap for hackers. It's a sacrificial computer system that is intended to attract cyber- attacks, like a decoy. It mimics a target for hackers, and uses their intrusion attempts to gain informationaboutcybercriminals and the way they are operating or to distract them from other targets. Figure 1.0 shows the overview of a honeypot. A honeypot is a computer or Raspberry Pi intendedtomimic likely targets of cyber-attacks. Figure 1.0 IJTSRD35900
International Journal of Trend in Scientific Research and Development (IJTSRD) @ www.ijtsrd.com eISSN: 2456-6470 @ IJTSRD | Unique Paper ID – IJTSRD35900 | Volume – 5 | Issue – 1 | November-December 2020 Page 267 It can be used to detect attacks or deflect them from a legitimate target. It can also be used to gain information about how cybercriminals operate. Honeypots mimicanorganisation’snetwork environment,whichwouldtrick a hackertoassumethatit is an actual organisation. For example, a honeypot could mimica company'scustomer billingsystem,a frequenttargetofattack for criminals who want to find credit card numbers. Once the hackersarein,theycanbetracked,andtheirbehavioursassessed for clues on how to make the real network more secure. There are many applicationsandusecasesforhoneypots,astheywork to divert malicious traffic away from important systems, get an early warning of a currentattack beforecritical systemsarehit, and gather information about attackers and their methods. A honeypot is a widely used security control to capture and analyse malicious network traffic. The main goal of honeypot is to monitor and receive log data, which can later be used to prevent futureattacks.Itimitatescontactbetween emulated computer and attacker with the objective of acquiring sufficient data for effective analysis and potential prevention of attacks. 2. OBJECTIVES The Honeypot system is used to detect the type of the intruders, analyse their strategy and strength of attack. There are two categories of honeypots that are deployed for different uses - research honeypots and production honeypots. Research honeypots are focused on gathering information about the attack, used specifically for the purpose of learning about hacking methodologies. For example, the Honeynet Project is a volunteer project that runs honeypots to assess cyber threats. Production honeypots, on the other hand, are focused primarily on diverting attacks from important systems. Information gathering is also very important, since the data can be used to furthersecurethereal productionsystems,aswell asforforensic or legal purposes. 3. TYPES The honeypots can be classified into two that are Based on level of interaction Based on purpose A. Based on level of interaction Based on the level of interactions between attacker and the system there is three types of honeypots are the that are, • Low-interaction honeypots • Medium-interaction honeypots • High-interaction honeypots Low-interaction honeypots In the Low-interaction honeypots, it have only limited interaction with the external system. We can choose FTP as anexample for the low-interaction honeypot. They are easy to deploy and maintain, with many security teams deploying multiple honeypots across different segments of their network. Medium-interaction honeypots The medium-interaction honeypots are also called as mixed-interactive honeypots. These types of honeypots are more advanced than low-interaction honeypots but less than when we compared to high-interaction honeypots. The medium- interaction honeypots gives intruder with a more advanced illusionofoperationsystem,sothatthemoreadvanced attackscan be logged to our system and we can analyse that. They emulate aspects of the application layer, but do not have their own operating system. They work to stall or confuse attackers so that organisation’s have more time to figure out how to properly react to an attack. High-interaction honeypots The high-interaction honeypots are the most sophisticated types of honeypots. It actually look like a same as the original and which gives the intruder or attacker the realistic experience andsothatwecangetmoreadvancedlogsabouttheattack andwe can analysis it. This type of honeypot allows the deploying organisation to see attacker behaviours and techniques. High- interaction honeypots are resource-intensive and come with maintenance challenges, but the findings can be worth the squeeze. B. Based on purpose Based on the purpose we can classify it two, • Research honeypots • Production honeypots Research honeypots Research honeypots are focused on gathering information about the attack, used specifically for the purposeoflearningabout hacking methodologies. Production honeypots Production honeypots, on the other hand, are focused primarily on diverting attacks from important systems. Information gathering is also very important, since the data can be used to furthersecurethereal productionsystems,aswell asforforensic or legal purposes.
International Journal of Trend in Scientific Research and Development (IJTSRD) @ www.ijtsrd.com eISSN: 2456-6470 @ IJTSRD | Unique Paper ID – IJTSRD35900 | Volume – 5 | Issue – 1 | November-December 2020 Page 268 4. DECEIVING ATTACKER USING HONEYPOT Honeypots are decoy systems or servers deployed alongside production systems within our network. When deployed as enticing targets for attackers, honeypots can add security monitoringopportunitiesfor blueteamsandmisdirecttheadversary from their true target. Honeypots come in a variety of complexities depending on the needs of our organisation and can be a significant line of defence when it comes to flagging attacks early. Therearemanyapplicationsandusercasesforhoneypots,as they work to divert malicious traffic away from important systems, get an early warning of a current attack before critical systems are hit, and gather information about attackers and their methods. If the honeypots neither contain confidential data nor well-monitored, one can get insight on attacker tools, tactics,andprocedures(TTPs)andgatherforensicandlegal evidence without putting the rest of our network at risk. Figure 4.0 shows the steps in the deployment of a honeypot. Figure 4.0 Deployment of Honeypot 4.1. COMPONENTS Honeypot is basically divided into two components: server and sensor. Each component is designedwithcertaintechnologies. A. Server part includes the following: AWS Cloud The server part of honeypot is deployed in cloud platform. A web-service is enabled to get a user friendly dashboard, Resultor retrieved data from the sensor will be updated over there. Simple UI is designed for the webpage so that output can be easily accessed. Hp Feeds It is a light weight authenticated publish-subscribe protocol. It hasa simplewire-formatsothateveryoneisabletosubscribeto the feeds with their favourite language in almost no time. Mnemosyne This technology is used for efficient learning. Flash-card tool in mnemosyneoptimizes thelearning process.Mnemosyneusesa sophisticated algorithm to schedule the best time for a card to come up for review. Difficultcardsthatwetendtoforgetquickly will be scheduled more often, while Mnemosyne won't waste our time on things we remember well. HoneyMap HoneyMap is a web application which visualizes a live stream of GPS locations on a SVG world map. In principle, it can be used with any stream of GPS data. Programmers use captures from honeypot, provided by several hpfeeds from the Honeynet Mongo DB It is a cross-platform document oriented database program. Classifiedasa NoSQL databaseprogram,itisa documentdatabase, which means it stores data in JSON-like documents. Also known as an unstructured database. B. Sensor part includes the following: Snort Snort is open source, lightweight Network IDS for Linux and window to detect threats. Snort can do protocol analysis, content searching/matching, it is also used to detect attacks and probes.
International Journal of Trend in Scientific Research and Development (IJTSRD) @ www.ijtsrd.com eISSN: 2456-6470 @ IJTSRD | Unique Paper ID – IJTSRD35900 | Volume – 5 | Issue – 1 | November-December 2020 Page 269 Dionaea It is used to trap malware exploiting vulnerabilities exposed by service offered to networks. The action is to trap or exploit malware that attacks the tissue, and its main purpose is to obtain a copy of the malware. Conpot It is a low interactive server-side Industrial Control Systems honeypot designed to be easy to deploy, modify and extend. By providing a range of common industrial control protocols. Protocol stacks and templates are created so that Conpot can resemble a real hardware (Uranium centrifuge, Power grid, Aircraft carrier etc.). Amun Anum is a lightweight and flexible low-interaction honeypot, which is made to capture malware that spreads by exploiting server based vulnerabilities. In our system amun tries to put Drupal (ContentManagementSystem)asbaitinfrontof attackers. 4.2. SYSTEM ARCHITECTURE Honeypot comprises of server and sensor side components. Sensor-side honeypots are a combination of different kinds of honeypots which are deployed for specific tasks. On the other hand, Server-side honeypots deal with the data retrievedbythe sensors for output representation. Rather than being a single system, a combination of multiple honeypots deployed in a network is called Honeynet. Figure 4.2 shows the honeypot architecture. In the sensor, honeypot captures all traffic which comes to the environment. Each honeypot captures different kinds of attack for which it is designed. Alertfromthesensor will be sent to the server module. Each sensor is embedded with a network scanner and IP tracker. Figure 4.2 Architecture of Honeypot Sensors are hosts in a system or cloud or Raspberry Pi. Server is hosted in a cloud platform so that it won't be shut down during power failure. Cloud is economicandhasa vast storage space. Alert received from the sensor is inthebinary format, Hpfeeds converts the binary format into readable language. Output delivered from Hpfeeds will be stored in the Mongo database using a learning tool Mnemosyne.Snort contains certain ruleswhichareconsideredasparametersto detect malicious content in network traffic. Dashboard or UI provided in the web application which is hosted on the server. Honeymap provide a livestreamingoffGPSlocations. 5. Results and Analysis Deployed server records all the input provided from the sensors which consist of multiple honeypots. Each sensor captures specific kind of attacks,storedlogsanddisplayedin dashboard which is provided in the web service hosted on the server. The different sensors and the corresponding attack reports are discussed below: 5.1. Dionaea Dionaea sensor (deployed in cloud) with public DNS (IPv4) 54.209.14.173 captures malware attack from Columbia, Russia, France, USA, Brazil etc. Detailed explanation of source IP, Destination ports, Protocol through the attack mitigated and date and time of attack capture are given in figure 5.1. The countries are represented by their national flags. Figure 5.1 5.2. Amun The attack report of Amun sensor is shown in figure5.2. The attackers targeted the famous ports like 445 (HTTPS), 8080 (HTTP Alternate), 23 (Telnet), 587 (SMTP) and penetrate into Amun sensor using Microsoft-ds, Submission, Telnet, http-alt etc. Sensor has hosted in network IP 172.31.40.145
International Journal of Trend in Scientific Research and Development (IJTSRD) @ www.ijtsrd.com eISSN: 2456-6470 @ IJTSRD | Unique Paper ID – IJTSRD35900 | Volume – 5 | Issue – 1 | November-December 2020 Page 270 and it been targeted by Eagle eyes from China, USA, India, Taiwan etc. Content Management System (CMS) and Drupal service is provided in this sensor, which helps to analyse the targeted attacks and tactics. Figure 5.2 5.3. Cowrie Cowrie is the same as Kippo which is used to capture the brute-force attack and enumerate the strength of it or in other how many combination attackers tried in this attack. Usually this attack targets port 22 (SSH). The figure 5.3 shows the attacks from Macedonia, Russia andFrancewhich is captured in common. Figure 5.4 shows the number of combinations of password used in an attempt. The attacker with source IP 85.209.0.100 tries single combinations of password at a time, this shows the strength of brute-force attack is low. Figure 5.3 Attack report of Cowrie Figure 5.4 Strength of Brute-force attacks in Cowrie 5.4. Snort Snort is a popular IDS system which helps to block all the malicious traffic. Usually snort consists of certain rules which contain popular malware signatures which helps it to identify the malicious content of traffic. Figure 5.5 depicts the source of attack which is scattered in Russia, China, Germany, France etc. They tried to penetrate through different ports, but they followedthesameprotocol.Because malicious IPs, signatures and its traffic are blacklisted already, IDS defends and blocks the traffic from those IPs. Figure 5.5 Attack report of Snort Snort rules are a different methodology for performing detection. It is based on detecting the actual vulnerability. Figure 5.6 Snort Rules Snort rules are depicted in figure 5.6. The keywords in the figure are explained below: SID is used to uniquely identify Snort rule REV is used to uniquely identify revisions of Snort rules Class Type is used to categorize a rule as detectinganattack that is part of a more general type of attack class Reference allows the rules to include references to external sources of information It is considered that snort id is a unique identifier for each rule. It allows output plugins to identify rules easily and should be used with the Rev (revision) keyword. 5.5. Conpot The Conpot results in figure 5.7 concludesthatthesekindsof attacks are rare, but strong enough to break into bigger attacks. It captures logs from port 502 (TCP/UDP). The USA is the leading source in this attack where France, Switzerland and Canada hold the corresponding positions.
International Journal of Trend in Scientific Research and Development (IJTSRD) @ www.ijtsrd.com eISSN: 2456-6470 @ IJTSRD | Unique Paper ID – IJTSRD35900 | Volume – 5 | Issue – 1 | November-December 2020 Page 271 According to the pattern observed from the report, the source locations are clustered. Figure 5.7 Attack report of Conpot 5.6. Honeymaps Honeymap is a web application which visualizes a live stream of GPS locations on a SVG world map. It can be used with any stream of GPS data which will provide actual latitude and longitude value as it is given in figure 5.8. Figure 5.8 Honey map 6. CONCLUSION Once the honeypot management system is implemented, all the honeypots managed to outwit the attackers by opening ports on a server that turned these ports into a hoax are cleared to record the suspicious activities of the attackers. Although the action of intrusion into the system is not optimal, the results are displayedonthewebinterface which could complement each other in providing information to administrators for further action. Honeypots like Amun, Dionaea, Cowrie, Snort and Conpot are managed to deceive the attackers by opening ports in servers that are often targeted by attackers. 7. FUTURE ENHANCEMENT Malware analysis can also be embedded into this system. Captured signatures of malware as reference an improved supervised learning can implement in future which can improve the system as well as fasten the entire process. 8. REFERENCES [1] Haris Semic and Sasa Mrdovic,"IoThoneypot:a multi- component solution for handling manual and Mirai- based attacks”, IEEE Open Access Journal, vol.6, November 2017. [2] Muhammet Baykara and Resul Das, “A novel honeypot-based security approach for real-time intrusion detection and prevention systems”, Journal of Information Security and Applications, vol.41, December 2018. [3] Jicha, Arthur, Mark Patton, and Hsinchun Chen. "SCADA honeypots: An in-depth analysis of Conpot", IEEE conference on intelligence and security informatics (ISI). IEEE, 2016. [4] M. S. Durairajan, R. Saravanan and S. Sibi Chakkaravarthy, “Low interaction honeypot: a defense against cyber-attacks”, Journal of Computational and Theoretical Nanoscience, vol.13, January 2016. [5] Feng, X., Li, Q., Wang, H., & Sun, L. "Characterizing industrial control system devices on the internet”, IEEE 24th International Conference on Network Protocols (ICNP), 2016. [6] Rushikesh Katkam “Study on Honeypot based secure Network System”, International Journal of Advanced Research in Computer Science, vol.10, November 2019. [7] https://blog.rapid7.com/2016/12/06/ [8] www.honeynet.org/projects/active/conpot/ [9] www.honeynet.org/projects/active/dionaea/ [10] https://www.kaspersky.com/resource-center [11] www.honeynet.org/projects/active/honeytrap/

Recommended

Peripheral Review and Analysis of Internet Network Security
Peripheral Review and Analysis of Internet Network SecurityPeripheral Review and Analysis of Internet Network Security
Peripheral Review and Analysis of Internet Network SecurityIJRES Journal
 
Comparison study of machine learning classifiers to detect anomalies
Comparison study of machine learning classifiers to detect anomalies Comparison study of machine learning classifiers to detect anomalies
Comparison study of machine learning classifiers to detect anomalies IJECEIAES
 
IP Spoofing
IP SpoofingIP Spoofing
IP Spoofingijtsrd
 
Hybrid Intrusion Detection System using Weighted Signature Generation over An...
Hybrid Intrusion Detection System using Weighted Signature Generation over An...Hybrid Intrusion Detection System using Weighted Signature Generation over An...
Hybrid Intrusion Detection System using Weighted Signature Generation over An...Editor IJMTER
 
IJET-V3I2P16
IJET-V3I2P16IJET-V3I2P16
IJET-V3I2P16IJET - International Journal of Engineering and Techniques
 
Study and Analysis of Big Data Security Analytics for Protecting Cloud Based ...
Study and Analysis of Big Data Security Analytics for Protecting Cloud Based ...Study and Analysis of Big Data Security Analytics for Protecting Cloud Based ...
Study and Analysis of Big Data Security Analytics for Protecting Cloud Based ...ijtsrd
 
Global Cyber Threat Intelligence
Global Cyber Threat IntelligenceGlobal Cyber Threat Intelligence
Global Cyber Threat IntelligenceNTT Innovation Institute Inc.
 
HONEYPOTS: Definition, working, advantages, disadvantages
HONEYPOTS: Definition, working, advantages, disadvantagesHONEYPOTS: Definition, working, advantages, disadvantages
HONEYPOTS: Definition, working, advantages, disadvantagesamit kumar
 

Recommended

Peripheral Review and Analysis of Internet Network Security
Peripheral Review and Analysis of Internet Network SecurityPeripheral Review and Analysis of Internet Network Security
Peripheral Review and Analysis of Internet Network SecurityIJRES Journal
 
Comparison study of machine learning classifiers to detect anomalies
Comparison study of machine learning classifiers to detect anomalies Comparison study of machine learning classifiers to detect anomalies
Comparison study of machine learning classifiers to detect anomalies IJECEIAES
 
IP Spoofing
IP SpoofingIP Spoofing
IP Spoofingijtsrd
 
Hybrid Intrusion Detection System using Weighted Signature Generation over An...
Hybrid Intrusion Detection System using Weighted Signature Generation over An...Hybrid Intrusion Detection System using Weighted Signature Generation over An...
Hybrid Intrusion Detection System using Weighted Signature Generation over An...Editor IJMTER
 
IJET-V3I2P16
IJET-V3I2P16IJET-V3I2P16
IJET-V3I2P16IJET - International Journal of Engineering and Techniques
 
Study and Analysis of Big Data Security Analytics for Protecting Cloud Based ...
Study and Analysis of Big Data Security Analytics for Protecting Cloud Based ...Study and Analysis of Big Data Security Analytics for Protecting Cloud Based ...
Study and Analysis of Big Data Security Analytics for Protecting Cloud Based ...ijtsrd
 
Global Cyber Threat Intelligence
Global Cyber Threat IntelligenceGlobal Cyber Threat Intelligence
Global Cyber Threat IntelligenceNTT Innovation Institute Inc.
 
HONEYPOTS: Definition, working, advantages, disadvantages
HONEYPOTS: Definition, working, advantages, disadvantagesHONEYPOTS: Definition, working, advantages, disadvantages
HONEYPOTS: Definition, working, advantages, disadvantagesamit kumar
 
An Analytical Study on Attacks and Threats in Cyber Security and its Evolving...
An Analytical Study on Attacks and Threats in Cyber Security and its Evolving...An Analytical Study on Attacks and Threats in Cyber Security and its Evolving...
An Analytical Study on Attacks and Threats in Cyber Security and its Evolving...ijtsrd
 
Information Sharing of Cyber Threat Intelligence with their Issue and Challenges
Information Sharing of Cyber Threat Intelligence with their Issue and ChallengesInformation Sharing of Cyber Threat Intelligence with their Issue and Challenges
Information Sharing of Cyber Threat Intelligence with their Issue and Challengesijtsrd
 
ENHANCE RFID SECURITY AGAINST BRUTE FORCE ATTACK BASED ON PASSWORD STRENGTH A...
ENHANCE RFID SECURITY AGAINST BRUTE FORCE ATTACK BASED ON PASSWORD STRENGTH A...ENHANCE RFID SECURITY AGAINST BRUTE FORCE ATTACK BASED ON PASSWORD STRENGTH A...
ENHANCE RFID SECURITY AGAINST BRUTE FORCE ATTACK BASED ON PASSWORD STRENGTH A...IJNSA Journal
 
Threat Intelligence Data Collection & Acquisition
Threat Intelligence Data Collection & AcquisitionThreat Intelligence Data Collection & Acquisition
Threat Intelligence Data Collection & AcquisitionEC-Council
 
Yi-Lang Tsai - Cyber Security, Threat Hunting and Defence Challenge in Taiwan...
Yi-Lang Tsai - Cyber Security, Threat Hunting and Defence Challenge in Taiwan...Yi-Lang Tsai - Cyber Security, Threat Hunting and Defence Challenge in Taiwan...
Yi-Lang Tsai - Cyber Security, Threat Hunting and Defence Challenge in Taiwan...REVULN
 
Honeypot based intrusion detection system PPT
Honeypot based intrusion detection system PPTHoneypot based intrusion detection system PPT
Honeypot based intrusion detection system PPTparthan t
 
Honeypots
HoneypotsHoneypots
HoneypotsBilal ZIANE
 
Honeypot-A Brief Overview
Honeypot-A Brief OverviewHoneypot-A Brief Overview
Honeypot-A Brief OverviewSILPI ROSAN
 
Honeypots
HoneypotsHoneypots
HoneypotsSARANYA S
 
honey pots introduction and its types
honey pots introduction and its typeshoney pots introduction and its types
honey pots introduction and its typesVishal Tandel
 
Honeypots (Ravindra Singh Rathore)
Honeypots (Ravindra Singh Rathore)Honeypots (Ravindra Singh Rathore)
Honeypots (Ravindra Singh Rathore)Ravindra Singh Rathore
 
IDS+Honeypots Making Security Simple
IDS+Honeypots Making Security SimpleIDS+Honeypots Making Security Simple
IDS+Honeypots Making Security SimpleGregory Hanis
 
Lecture 7
Lecture 7Lecture 7
Lecture 7Education
 
N44096972
N44096972N44096972
N44096972IJERA Editor
 
Data Sheet_What Darktrace Finds
Data Sheet_What Darktrace FindsData Sheet_What Darktrace Finds
Data Sheet_What Darktrace FindsMelissa Lim
 
Honey pot in cloud computing
Honey pot in cloud computingHoney pot in cloud computing
Honey pot in cloud computingأحلام انصارى
 
Seminar Report on Honeypot
Seminar Report on HoneypotSeminar Report on Honeypot
Seminar Report on HoneypotAmit Poonia
 
Cybersecurity | Risk. Impact. Innovations.
Cybersecurity | Risk. Impact. Innovations.Cybersecurity | Risk. Impact. Innovations.
Cybersecurity | Risk. Impact. Innovations.Vertex Holdings
 
Honeypots
HoneypotsHoneypots
HoneypotsPresentaionslive.blogspot.com
 
The Cyber Threat Intelligence Matrix
The Cyber Threat Intelligence MatrixThe Cyber Threat Intelligence Matrix
The Cyber Threat Intelligence MatrixFrode Hommedal
 
Honeypot Methods and Applications
Honeypot Methods and ApplicationsHoneypot Methods and Applications
Honeypot Methods and Applicationsijtsrd
 
Honeypot- An Overview
Honeypot- An OverviewHoneypot- An Overview
Honeypot- An OverviewIRJET Journal
 

More Related Content

What's hot

An Analytical Study on Attacks and Threats in Cyber Security and its Evolving...
An Analytical Study on Attacks and Threats in Cyber Security and its Evolving...An Analytical Study on Attacks and Threats in Cyber Security and its Evolving...
An Analytical Study on Attacks and Threats in Cyber Security and its Evolving...ijtsrd
 
Information Sharing of Cyber Threat Intelligence with their Issue and Challenges
Information Sharing of Cyber Threat Intelligence with their Issue and ChallengesInformation Sharing of Cyber Threat Intelligence with their Issue and Challenges
Information Sharing of Cyber Threat Intelligence with their Issue and Challengesijtsrd
 
ENHANCE RFID SECURITY AGAINST BRUTE FORCE ATTACK BASED ON PASSWORD STRENGTH A...
ENHANCE RFID SECURITY AGAINST BRUTE FORCE ATTACK BASED ON PASSWORD STRENGTH A...ENHANCE RFID SECURITY AGAINST BRUTE FORCE ATTACK BASED ON PASSWORD STRENGTH A...
ENHANCE RFID SECURITY AGAINST BRUTE FORCE ATTACK BASED ON PASSWORD STRENGTH A...IJNSA Journal
 
Threat Intelligence Data Collection & Acquisition
Threat Intelligence Data Collection & AcquisitionThreat Intelligence Data Collection & Acquisition
Threat Intelligence Data Collection & AcquisitionEC-Council
 
Yi-Lang Tsai - Cyber Security, Threat Hunting and Defence Challenge in Taiwan...
Yi-Lang Tsai - Cyber Security, Threat Hunting and Defence Challenge in Taiwan...Yi-Lang Tsai - Cyber Security, Threat Hunting and Defence Challenge in Taiwan...
Yi-Lang Tsai - Cyber Security, Threat Hunting and Defence Challenge in Taiwan...REVULN
 
Honeypot based intrusion detection system PPT
Honeypot based intrusion detection system PPTHoneypot based intrusion detection system PPT
Honeypot based intrusion detection system PPTparthan t
 
Honeypot-A Brief Overview
Honeypot-A Brief OverviewHoneypot-A Brief Overview
Honeypot-A Brief OverviewSILPI ROSAN
 
honey pots introduction and its types
honey pots introduction and its typeshoney pots introduction and its types
honey pots introduction and its typesVishal Tandel
 
IDS+Honeypots Making Security Simple
IDS+Honeypots Making Security SimpleIDS+Honeypots Making Security Simple
IDS+Honeypots Making Security SimpleGregory Hanis
 
Data Sheet_What Darktrace Finds
Data Sheet_What Darktrace FindsData Sheet_What Darktrace Finds
Data Sheet_What Darktrace FindsMelissa Lim
 
Seminar Report on Honeypot
Seminar Report on HoneypotSeminar Report on Honeypot
Seminar Report on HoneypotAmit Poonia
 
Cybersecurity | Risk. Impact. Innovations.
Cybersecurity | Risk. Impact. Innovations.Cybersecurity | Risk. Impact. Innovations.
Cybersecurity | Risk. Impact. Innovations.Vertex Holdings
 
The Cyber Threat Intelligence Matrix
The Cyber Threat Intelligence MatrixThe Cyber Threat Intelligence Matrix
The Cyber Threat Intelligence MatrixFrode Hommedal
 

What's hot (20)

An Analytical Study on Attacks and Threats in Cyber Security and its Evolving...
An Analytical Study on Attacks and Threats in Cyber Security and its Evolving...An Analytical Study on Attacks and Threats in Cyber Security and its Evolving...
An Analytical Study on Attacks and Threats in Cyber Security and its Evolving...
 
Information Sharing of Cyber Threat Intelligence with their Issue and Challenges
Information Sharing of Cyber Threat Intelligence with their Issue and ChallengesInformation Sharing of Cyber Threat Intelligence with their Issue and Challenges
Information Sharing of Cyber Threat Intelligence with their Issue and Challenges
 
ENHANCE RFID SECURITY AGAINST BRUTE FORCE ATTACK BASED ON PASSWORD STRENGTH A...
ENHANCE RFID SECURITY AGAINST BRUTE FORCE ATTACK BASED ON PASSWORD STRENGTH A...ENHANCE RFID SECURITY AGAINST BRUTE FORCE ATTACK BASED ON PASSWORD STRENGTH A...
ENHANCE RFID SECURITY AGAINST BRUTE FORCE ATTACK BASED ON PASSWORD STRENGTH A...
 
Threat Intelligence Data Collection & Acquisition
Threat Intelligence Data Collection & AcquisitionThreat Intelligence Data Collection & Acquisition
Threat Intelligence Data Collection & Acquisition
 
Yi-Lang Tsai - Cyber Security, Threat Hunting and Defence Challenge in Taiwan...
Yi-Lang Tsai - Cyber Security, Threat Hunting and Defence Challenge in Taiwan...Yi-Lang Tsai - Cyber Security, Threat Hunting and Defence Challenge in Taiwan...
Yi-Lang Tsai - Cyber Security, Threat Hunting and Defence Challenge in Taiwan...
 
Honeypot based intrusion detection system PPT
Honeypot based intrusion detection system PPTHoneypot based intrusion detection system PPT
Honeypot based intrusion detection system PPT
 
Honeypots
HoneypotsHoneypots
Honeypots
 
Honeypot-A Brief Overview
Honeypot-A Brief OverviewHoneypot-A Brief Overview
Honeypot-A Brief Overview
 
Honeypots
HoneypotsHoneypots
Honeypots
 
honey pots introduction and its types
honey pots introduction and its typeshoney pots introduction and its types
honey pots introduction and its types
 
Honeypots (Ravindra Singh Rathore)
Honeypots (Ravindra Singh Rathore)Honeypots (Ravindra Singh Rathore)
Honeypots (Ravindra Singh Rathore)
 
IDS+Honeypots Making Security Simple
IDS+Honeypots Making Security SimpleIDS+Honeypots Making Security Simple
IDS+Honeypots Making Security Simple
 
Lecture 7
Lecture 7Lecture 7
Lecture 7
 
N44096972
N44096972N44096972
N44096972
 
Data Sheet_What Darktrace Finds
Data Sheet_What Darktrace FindsData Sheet_What Darktrace Finds
Data Sheet_What Darktrace Finds
 
Honey pot in cloud computing
Honey pot in cloud computingHoney pot in cloud computing
Honey pot in cloud computing
 
Seminar Report on Honeypot
Seminar Report on HoneypotSeminar Report on Honeypot
Seminar Report on Honeypot
 
Cybersecurity | Risk. Impact. Innovations.
Cybersecurity | Risk. Impact. Innovations.Cybersecurity | Risk. Impact. Innovations.
Cybersecurity | Risk. Impact. Innovations.
 
Honeypots
HoneypotsHoneypots
Honeypots
 
The Cyber Threat Intelligence Matrix
The Cyber Threat Intelligence MatrixThe Cyber Threat Intelligence Matrix
The Cyber Threat Intelligence Matrix
 

Similar to Detecting Intruders Using Honeypot Networks

Honeypot Methods and Applications
Honeypot Methods and ApplicationsHoneypot Methods and Applications
Honeypot Methods and Applicationsijtsrd
 
Honeypot- An Overview
Honeypot- An OverviewHoneypot- An Overview
Honeypot- An OverviewIRJET Journal
 
Client Honeypot Based Drive by Download Exploit Detection and their Categoriz...
Client Honeypot Based Drive by Download Exploit Detection and their Categoriz...Client Honeypot Based Drive by Download Exploit Detection and their Categoriz...
Client Honeypot Based Drive by Download Exploit Detection and their Categoriz...IJERA Editor
 
IRJET- A Cloud based Honeynet System for Attack Detection using Machine Learn...
IRJET- A Cloud based Honeynet System for Attack Detection using Machine Learn...IRJET- A Cloud based Honeynet System for Attack Detection using Machine Learn...
IRJET- A Cloud based Honeynet System for Attack Detection using Machine Learn...IRJET Journal
 
IRJET- A Review on Honeypots
IRJET- A Review on HoneypotsIRJET- A Review on Honeypots
IRJET- A Review on HoneypotsIRJET Journal
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hackingijtsrd
 
IRJET- Phishdect & Mitigator: SDN based Phishing Attack Detection
IRJET- Phishdect & Mitigator: SDN based Phishing Attack DetectionIRJET- Phishdect & Mitigator: SDN based Phishing Attack Detection
IRJET- Phishdect & Mitigator: SDN based Phishing Attack DetectionIRJET Journal
 
An Assessment of Intrusion Detection System IDS and Data Set Overview A Compr...
An Assessment of Intrusion Detection System IDS and Data Set Overview A Compr...An Assessment of Intrusion Detection System IDS and Data Set Overview A Compr...
An Assessment of Intrusion Detection System IDS and Data Set Overview A Compr...ijtsrd
 
An Extensive Survey of Intrusion Detection Systems
An Extensive Survey of Intrusion Detection SystemsAn Extensive Survey of Intrusion Detection Systems
An Extensive Survey of Intrusion Detection SystemsIRJET Journal
 
Survey of apt and other attacks with reliable security schemes in manet
Survey of apt and other attacks with reliable security schemes in manetSurvey of apt and other attacks with reliable security schemes in manet
Survey of apt and other attacks with reliable security schemes in manetijctet
 
IRJET- Security Risk Assessment on Social Media using Artificial Intellig...
IRJET- Security Risk Assessment on Social Media using Artificial Intellig...IRJET- Security Risk Assessment on Social Media using Artificial Intellig...
IRJET- Security Risk Assessment on Social Media using Artificial Intellig...IRJET Journal
 
A Mitigation Technique For Internet Security Threat of Toolkits Attack
A Mitigation Technique For Internet Security Threat of Toolkits AttackA Mitigation Technique For Internet Security Threat of Toolkits Attack
A Mitigation Technique For Internet Security Threat of Toolkits AttackCSCJournals
 
Designing Security Assessment of Client Server System using Attack Tree Modeling
Designing Security Assessment of Client Server System using Attack Tree ModelingDesigning Security Assessment of Client Server System using Attack Tree Modeling
Designing Security Assessment of Client Server System using Attack Tree Modelingijtsrd
 
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...IJERD Editor
 
Toward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationToward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationE.S.G. JR. Consulting, Inc.
 
Toward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network AutomationToward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network AutomationKen Flott
 
Detection &Amp; Prevention Systems
Detection &Amp; Prevention SystemsDetection &Amp; Prevention Systems
Detection &Amp; Prevention SystemsAlison Hall
 
An Intrusion Detection based on Data mining technique and its intended import...
An Intrusion Detection based on Data mining technique and its intended import...An Intrusion Detection based on Data mining technique and its intended import...
An Intrusion Detection based on Data mining technique and its intended import...Editor IJMTER
 
IRJET- Data Security using Honeypot System
IRJET- Data Security using Honeypot SystemIRJET- Data Security using Honeypot System
IRJET- Data Security using Honeypot SystemIRJET Journal
 

Similar to Detecting Intruders Using Honeypot Networks (20)

Honeypot Methods and Applications
Honeypot Methods and ApplicationsHoneypot Methods and Applications
Honeypot Methods and Applications
 
Honeypot- An Overview
Honeypot- An OverviewHoneypot- An Overview
Honeypot- An Overview
 
Client Honeypot Based Drive by Download Exploit Detection and their Categoriz...
Client Honeypot Based Drive by Download Exploit Detection and their Categoriz...Client Honeypot Based Drive by Download Exploit Detection and their Categoriz...
Client Honeypot Based Drive by Download Exploit Detection and their Categoriz...
 
IRJET- A Cloud based Honeynet System for Attack Detection using Machine Learn...
IRJET- A Cloud based Honeynet System for Attack Detection using Machine Learn...IRJET- A Cloud based Honeynet System for Attack Detection using Machine Learn...
IRJET- A Cloud based Honeynet System for Attack Detection using Machine Learn...
 
IRJET- A Review on Honeypots
IRJET- A Review on HoneypotsIRJET- A Review on Honeypots
IRJET- A Review on Honeypots
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
IRJET- Phishdect & Mitigator: SDN based Phishing Attack Detection
IRJET- Phishdect & Mitigator: SDN based Phishing Attack DetectionIRJET- Phishdect & Mitigator: SDN based Phishing Attack Detection
IRJET- Phishdect & Mitigator: SDN based Phishing Attack Detection
 
An Assessment of Intrusion Detection System IDS and Data Set Overview A Compr...
An Assessment of Intrusion Detection System IDS and Data Set Overview A Compr...An Assessment of Intrusion Detection System IDS and Data Set Overview A Compr...
An Assessment of Intrusion Detection System IDS and Data Set Overview A Compr...
 
An Extensive Survey of Intrusion Detection Systems
An Extensive Survey of Intrusion Detection SystemsAn Extensive Survey of Intrusion Detection Systems
An Extensive Survey of Intrusion Detection Systems
 
Survey of apt and other attacks with reliable security schemes in manet
Survey of apt and other attacks with reliable security schemes in manetSurvey of apt and other attacks with reliable security schemes in manet
Survey of apt and other attacks with reliable security schemes in manet
 
IRJET- Security Risk Assessment on Social Media using Artificial Intellig...
IRJET- Security Risk Assessment on Social Media using Artificial Intellig...IRJET- Security Risk Assessment on Social Media using Artificial Intellig...
IRJET- Security Risk Assessment on Social Media using Artificial Intellig...
 
A Mitigation Technique For Internet Security Threat of Toolkits Attack
A Mitigation Technique For Internet Security Threat of Toolkits AttackA Mitigation Technique For Internet Security Threat of Toolkits Attack
A Mitigation Technique For Internet Security Threat of Toolkits Attack
 
Designing Security Assessment of Client Server System using Attack Tree Modeling
Designing Security Assessment of Client Server System using Attack Tree ModelingDesigning Security Assessment of Client Server System using Attack Tree Modeling
Designing Security Assessment of Client Server System using Attack Tree Modeling
 
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
 
Toward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationToward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network Automation
 
Toward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network AutomationToward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network Automation
 
Honeypot Essentials
Honeypot EssentialsHoneypot Essentials
Honeypot Essentials
 
Detection &Amp; Prevention Systems
Detection &Amp; Prevention SystemsDetection &Amp; Prevention Systems
Detection &Amp; Prevention Systems
 
An Intrusion Detection based on Data mining technique and its intended import...
An Intrusion Detection based on Data mining technique and its intended import...An Intrusion Detection based on Data mining technique and its intended import...
An Intrusion Detection based on Data mining technique and its intended import...
 
IRJET- Data Security using Honeypot System
IRJET- Data Security using Honeypot SystemIRJET- Data Security using Honeypot System
IRJET- Data Security using Honeypot System
 

More from ijtsrd

‘Six Sigma Technique’ A Journey Through its Implementation
‘Six Sigma Technique’ A Journey Through its Implementation‘Six Sigma Technique’ A Journey Through its Implementation
‘Six Sigma Technique’ A Journey Through its Implementationijtsrd
 
Edge Computing in Space Enhancing Data Processing and Communication for Space...
Edge Computing in Space Enhancing Data Processing and Communication for Space...Edge Computing in Space Enhancing Data Processing and Communication for Space...
Edge Computing in Space Enhancing Data Processing and Communication for Space...ijtsrd
 
Dynamics of Communal Politics in 21st Century India Challenges and Prospects
Dynamics of Communal Politics in 21st Century India Challenges and ProspectsDynamics of Communal Politics in 21st Century India Challenges and Prospects
Dynamics of Communal Politics in 21st Century India Challenges and Prospectsijtsrd
 
Assess Perspective and Knowledge of Healthcare Providers Towards Elehealth in...
Assess Perspective and Knowledge of Healthcare Providers Towards Elehealth in...Assess Perspective and Knowledge of Healthcare Providers Towards Elehealth in...
Assess Perspective and Knowledge of Healthcare Providers Towards Elehealth in...ijtsrd
 
The Impact of Digital Media on the Decentralization of Power and the Erosion ...
The Impact of Digital Media on the Decentralization of Power and the Erosion ...The Impact of Digital Media on the Decentralization of Power and the Erosion ...
The Impact of Digital Media on the Decentralization of Power and the Erosion ...ijtsrd
 
Online Voices, Offline Impact Ambedkars Ideals and Socio Political Inclusion ...
Online Voices, Offline Impact Ambedkars Ideals and Socio Political Inclusion ...Online Voices, Offline Impact Ambedkars Ideals and Socio Political Inclusion ...
Online Voices, Offline Impact Ambedkars Ideals and Socio Political Inclusion ...ijtsrd
 
Problems and Challenges of Agro Entreprenurship A Study
Problems and Challenges of Agro Entreprenurship A StudyProblems and Challenges of Agro Entreprenurship A Study
Problems and Challenges of Agro Entreprenurship A Studyijtsrd
 
Comparative Analysis of Total Corporate Disclosure of Selected IT Companies o...
Comparative Analysis of Total Corporate Disclosure of Selected IT Companies o...Comparative Analysis of Total Corporate Disclosure of Selected IT Companies o...
Comparative Analysis of Total Corporate Disclosure of Selected IT Companies o...ijtsrd
 
The Impact of Educational Background and Professional Training on Human Right...
The Impact of Educational Background and Professional Training on Human Right...The Impact of Educational Background and Professional Training on Human Right...
The Impact of Educational Background and Professional Training on Human Right...ijtsrd
 
A Study on the Effective Teaching Learning Process in English Curriculum at t...
A Study on the Effective Teaching Learning Process in English Curriculum at t...A Study on the Effective Teaching Learning Process in English Curriculum at t...
A Study on the Effective Teaching Learning Process in English Curriculum at t...ijtsrd
 
The Role of Mentoring and Its Influence on the Effectiveness of the Teaching ...
The Role of Mentoring and Its Influence on the Effectiveness of the Teaching ...The Role of Mentoring and Its Influence on the Effectiveness of the Teaching ...
The Role of Mentoring and Its Influence on the Effectiveness of the Teaching ...ijtsrd
 
Design Simulation and Hardware Construction of an Arduino Microcontroller Bas...
Design Simulation and Hardware Construction of an Arduino Microcontroller Bas...Design Simulation and Hardware Construction of an Arduino Microcontroller Bas...
Design Simulation and Hardware Construction of an Arduino Microcontroller Bas...ijtsrd
 
Sustainable Energy by Paul A. Adekunte | Matthew N. O. Sadiku | Janet O. Sadiku
Sustainable Energy by Paul A. Adekunte | Matthew N. O. Sadiku | Janet O. SadikuSustainable Energy by Paul A. Adekunte | Matthew N. O. Sadiku | Janet O. Sadiku
Sustainable Energy by Paul A. Adekunte | Matthew N. O. Sadiku | Janet O. Sadikuijtsrd
 
Concepts for Sudan Survey Act Implementations Executive Regulations and Stand...
Concepts for Sudan Survey Act Implementations Executive Regulations and Stand...Concepts for Sudan Survey Act Implementations Executive Regulations and Stand...
Concepts for Sudan Survey Act Implementations Executive Regulations and Stand...ijtsrd
 
Towards the Implementation of the Sudan Interpolated Geoid Model Khartoum Sta...
Towards the Implementation of the Sudan Interpolated Geoid Model Khartoum Sta...Towards the Implementation of the Sudan Interpolated Geoid Model Khartoum Sta...
Towards the Implementation of the Sudan Interpolated Geoid Model Khartoum Sta...ijtsrd
 
Activating Geospatial Information for Sudans Sustainable Investment Map
Activating Geospatial Information for Sudans Sustainable Investment MapActivating Geospatial Information for Sudans Sustainable Investment Map
Activating Geospatial Information for Sudans Sustainable Investment Mapijtsrd
 
Educational Unity Embracing Diversity for a Stronger Society
Educational Unity Embracing Diversity for a Stronger SocietyEducational Unity Embracing Diversity for a Stronger Society
Educational Unity Embracing Diversity for a Stronger Societyijtsrd
 
Integration of Indian Indigenous Knowledge System in Management Prospects and...
Integration of Indian Indigenous Knowledge System in Management Prospects and...Integration of Indian Indigenous Knowledge System in Management Prospects and...
Integration of Indian Indigenous Knowledge System in Management Prospects and...ijtsrd
 
DeepMask Transforming Face Mask Identification for Better Pandemic Control in...
DeepMask Transforming Face Mask Identification for Better Pandemic Control in...DeepMask Transforming Face Mask Identification for Better Pandemic Control in...
DeepMask Transforming Face Mask Identification for Better Pandemic Control in...ijtsrd
 
Streamlining Data Collection eCRF Design and Machine Learning
Streamlining Data Collection eCRF Design and Machine LearningStreamlining Data Collection eCRF Design and Machine Learning
Streamlining Data Collection eCRF Design and Machine Learningijtsrd
 

More from ijtsrd (20)

‘Six Sigma Technique’ A Journey Through its Implementation
‘Six Sigma Technique’ A Journey Through its Implementation‘Six Sigma Technique’ A Journey Through its Implementation
‘Six Sigma Technique’ A Journey Through its Implementation
 
Edge Computing in Space Enhancing Data Processing and Communication for Space...
Edge Computing in Space Enhancing Data Processing and Communication for Space...Edge Computing in Space Enhancing Data Processing and Communication for Space...
Edge Computing in Space Enhancing Data Processing and Communication for Space...
 
Dynamics of Communal Politics in 21st Century India Challenges and Prospects
Dynamics of Communal Politics in 21st Century India Challenges and ProspectsDynamics of Communal Politics in 21st Century India Challenges and Prospects
Dynamics of Communal Politics in 21st Century India Challenges and Prospects
 
Assess Perspective and Knowledge of Healthcare Providers Towards Elehealth in...
Assess Perspective and Knowledge of Healthcare Providers Towards Elehealth in...Assess Perspective and Knowledge of Healthcare Providers Towards Elehealth in...
Assess Perspective and Knowledge of Healthcare Providers Towards Elehealth in...
 
The Impact of Digital Media on the Decentralization of Power and the Erosion ...
The Impact of Digital Media on the Decentralization of Power and the Erosion ...The Impact of Digital Media on the Decentralization of Power and the Erosion ...
The Impact of Digital Media on the Decentralization of Power and the Erosion ...
 
Online Voices, Offline Impact Ambedkars Ideals and Socio Political Inclusion ...
Online Voices, Offline Impact Ambedkars Ideals and Socio Political Inclusion ...Online Voices, Offline Impact Ambedkars Ideals and Socio Political Inclusion ...
Online Voices, Offline Impact Ambedkars Ideals and Socio Political Inclusion ...
 
Problems and Challenges of Agro Entreprenurship A Study
Problems and Challenges of Agro Entreprenurship A StudyProblems and Challenges of Agro Entreprenurship A Study
Problems and Challenges of Agro Entreprenurship A Study
 
Comparative Analysis of Total Corporate Disclosure of Selected IT Companies o...
Comparative Analysis of Total Corporate Disclosure of Selected IT Companies o...Comparative Analysis of Total Corporate Disclosure of Selected IT Companies o...
Comparative Analysis of Total Corporate Disclosure of Selected IT Companies o...
 
The Impact of Educational Background and Professional Training on Human Right...
The Impact of Educational Background and Professional Training on Human Right...The Impact of Educational Background and Professional Training on Human Right...
The Impact of Educational Background and Professional Training on Human Right...
 
A Study on the Effective Teaching Learning Process in English Curriculum at t...
A Study on the Effective Teaching Learning Process in English Curriculum at t...A Study on the Effective Teaching Learning Process in English Curriculum at t...
A Study on the Effective Teaching Learning Process in English Curriculum at t...
 
The Role of Mentoring and Its Influence on the Effectiveness of the Teaching ...
The Role of Mentoring and Its Influence on the Effectiveness of the Teaching ...The Role of Mentoring and Its Influence on the Effectiveness of the Teaching ...
The Role of Mentoring and Its Influence on the Effectiveness of the Teaching ...
 
Design Simulation and Hardware Construction of an Arduino Microcontroller Bas...
Design Simulation and Hardware Construction of an Arduino Microcontroller Bas...Design Simulation and Hardware Construction of an Arduino Microcontroller Bas...
Design Simulation and Hardware Construction of an Arduino Microcontroller Bas...
 
Sustainable Energy by Paul A. Adekunte | Matthew N. O. Sadiku | Janet O. Sadiku
Sustainable Energy by Paul A. Adekunte | Matthew N. O. Sadiku | Janet O. SadikuSustainable Energy by Paul A. Adekunte | Matthew N. O. Sadiku | Janet O. Sadiku
Sustainable Energy by Paul A. Adekunte | Matthew N. O. Sadiku | Janet O. Sadiku
 
Concepts for Sudan Survey Act Implementations Executive Regulations and Stand...
Concepts for Sudan Survey Act Implementations Executive Regulations and Stand...Concepts for Sudan Survey Act Implementations Executive Regulations and Stand...
Concepts for Sudan Survey Act Implementations Executive Regulations and Stand...
 
Towards the Implementation of the Sudan Interpolated Geoid Model Khartoum Sta...
Towards the Implementation of the Sudan Interpolated Geoid Model Khartoum Sta...Towards the Implementation of the Sudan Interpolated Geoid Model Khartoum Sta...
Towards the Implementation of the Sudan Interpolated Geoid Model Khartoum Sta...
 
Activating Geospatial Information for Sudans Sustainable Investment Map
Activating Geospatial Information for Sudans Sustainable Investment MapActivating Geospatial Information for Sudans Sustainable Investment Map
Activating Geospatial Information for Sudans Sustainable Investment Map
 
Educational Unity Embracing Diversity for a Stronger Society
Educational Unity Embracing Diversity for a Stronger SocietyEducational Unity Embracing Diversity for a Stronger Society
Educational Unity Embracing Diversity for a Stronger Society
 
Integration of Indian Indigenous Knowledge System in Management Prospects and...
Integration of Indian Indigenous Knowledge System in Management Prospects and...Integration of Indian Indigenous Knowledge System in Management Prospects and...
Integration of Indian Indigenous Knowledge System in Management Prospects and...
 
DeepMask Transforming Face Mask Identification for Better Pandemic Control in...
DeepMask Transforming Face Mask Identification for Better Pandemic Control in...DeepMask Transforming Face Mask Identification for Better Pandemic Control in...
DeepMask Transforming Face Mask Identification for Better Pandemic Control in...
 
Streamlining Data Collection eCRF Design and Machine Learning
Streamlining Data Collection eCRF Design and Machine LearningStreamlining Data Collection eCRF Design and Machine Learning
Streamlining Data Collection eCRF Design and Machine Learning
 

Recently uploaded

microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxRoyAbrique
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docxPoojaSen20
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxGaneshChakor2
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionSafetyChain Software
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104misteraugie
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfJayanti Pande
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Celine George
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...
Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...
Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...RKavithamani
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfciinovamais
 

Recently uploaded (20)

INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docx
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory Inspection
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...
Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...
Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...
 
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 

Detecting Intruders Using Honeypot Networks

  • 1. International Journal of Trend in Scientific Research and Development (IJTSRD) Volume 5 Issue 1, November-December 2020 Available Online: www.ijtsrd.com e-ISSN: 2456 – 6470 @ IJTSRD | Unique Paper ID – IJTSRD35900 | Volume – 5 | Issue – 1 | November-December 2020 Page 266 A Study on Honeypots and Deceiving Attacker using Modern Honeypot Network Anil Tom1, Dr. M N Nachappa2 1Master of Computer Application, 2Professor, 1,2Jain Deemed-to-be University, Bangalore, Karnataka, India ABSTRACT A honeypot is a widely used security control to capture and analyse malicious network traffic. The main goal of honeypot is to monitor and receive log data, which can later be used to prevent future attacks. It imitates the contact between emulated computer and attacker with the objective of acquiring sufficient data for effective analysis and potential prevention of attacks. A honeypot is used to detect intruders in many fields such as defence, Government sectors, enterprises, higherinstitutions,Bankingsectors,Nuclear reactors and many more. There are two types of honeypots that are deployed for different uses - research honeypots and production honeypots. Research honeypots are focused on gathering information about the attack, used specifically for the purpose of learning about hacking methodologies. Production honeypots, on the other hand, are focused primarily on diverting attacks from important systems. This work detects the type of the intruders, analyses their strategy and strengthoftheattack.Thedeploymentofhoneypot detects various kinds of attacks using different sensors. Server is deployed in the cloud environment and sensors can be deployed in either in cloud or in Raspberry pi or machine. Server displays the feeds from sensors which is placed over different locations. Live rendering of attacks is shown in the dashboard and honey map points the exact geographic locations using longitude and latitude values. These logs can be further used to analyses and take essential measures in defence perspectives. Keywords: Honeypot, Honeynet, Honeymap, Modern Honeypot Network How to cite this paper: Anil Tom | Dr. M N Nachappa "A Study on Honeypots and Deceiving Attacker using Modern Honeypot Network" Published in International Journal of Trend in Scientific Research and Development(ijtsrd), ISSN: 2456-6470, Volume-5 | Issue-1, December 2020, pp.266-271, URL: www.ijtsrd.com/papers/ijtsrd35900.pdf Copyright © 2020 by author(s) and International Journal ofTrendinScientific Research and Development Journal. This is an Open Access article distributed under the terms of the Creative CommonsAttribution License (CC BY 4.0) (http://creativecommons.org/licenses/by/4.0) 1. INTRODUCTION With an ever-increasing numberofmethodsandtacticsused to attack networks, the goal of securing a network must also continually expand in scope. While traditional methodssuch as Intrusion Detection System (IDS)/Intrusion Prevention Systems (IPS),Demilitarized zone(DMZ),penetrationtesting and various other tools can create a very secure network, it is best to assume vulnerabilities will always exist, and sooner or later, they will be exploited. Hence, there is a need to continuously find innovative ways of countering the threats, and one such way is to deploy honeypots on top of standard security mechanisms. If we've ever wonderedhow the good internet guys are going after the bad guys, one way is something that's called a honeypot. We see, in addition to the security measures we would expect,includingsecuringa computer network to keep cyber criminals out, the good guys use a honeypot to do just the opposite, attract the bad guys. In computer security terms, a cyber-honeypot works in a similar way, baiting a trap for hackers. It's a sacrificial computer system that is intended to attract cyber- attacks, like a decoy. It mimics a target for hackers, and uses their intrusion attempts to gain informationaboutcybercriminals and the way they are operating or to distract them from other targets. Figure 1.0 shows the overview of a honeypot. A honeypot is a computer or Raspberry Pi intendedtomimic likely targets of cyber-attacks. Figure 1.0 IJTSRD35900
  • 2. International Journal of Trend in Scientific Research and Development (IJTSRD) @ www.ijtsrd.com eISSN: 2456-6470 @ IJTSRD | Unique Paper ID – IJTSRD35900 | Volume – 5 | Issue – 1 | November-December 2020 Page 267 It can be used to detect attacks or deflect them from a legitimate target. It can also be used to gain information about how cybercriminals operate. Honeypots mimicanorganisation’snetwork environment,whichwouldtrick a hackertoassumethatit is an actual organisation. For example, a honeypot could mimica company'scustomer billingsystem,a frequenttargetofattack for criminals who want to find credit card numbers. Once the hackersarein,theycanbetracked,andtheirbehavioursassessed for clues on how to make the real network more secure. There are many applicationsandusecasesforhoneypots,astheywork to divert malicious traffic away from important systems, get an early warning of a currentattack beforecritical systemsarehit, and gather information about attackers and their methods. A honeypot is a widely used security control to capture and analyse malicious network traffic. The main goal of honeypot is to monitor and receive log data, which can later be used to prevent futureattacks.Itimitatescontactbetween emulated computer and attacker with the objective of acquiring sufficient data for effective analysis and potential prevention of attacks. 2. OBJECTIVES The Honeypot system is used to detect the type of the intruders, analyse their strategy and strength of attack. There are two categories of honeypots that are deployed for different uses - research honeypots and production honeypots. Research honeypots are focused on gathering information about the attack, used specifically for the purpose of learning about hacking methodologies. For example, the Honeynet Project is a volunteer project that runs honeypots to assess cyber threats. Production honeypots, on the other hand, are focused primarily on diverting attacks from important systems. Information gathering is also very important, since the data can be used to furthersecurethereal productionsystems,aswell asforforensic or legal purposes. 3. TYPES The honeypots can be classified into two that are Based on level of interaction Based on purpose A. Based on level of interaction Based on the level of interactions between attacker and the system there is three types of honeypots are the that are, • Low-interaction honeypots • Medium-interaction honeypots • High-interaction honeypots Low-interaction honeypots In the Low-interaction honeypots, it have only limited interaction with the external system. We can choose FTP as anexample for the low-interaction honeypot. They are easy to deploy and maintain, with many security teams deploying multiple honeypots across different segments of their network. Medium-interaction honeypots The medium-interaction honeypots are also called as mixed-interactive honeypots. These types of honeypots are more advanced than low-interaction honeypots but less than when we compared to high-interaction honeypots. The medium- interaction honeypots gives intruder with a more advanced illusionofoperationsystem,sothatthemoreadvanced attackscan be logged to our system and we can analyse that. They emulate aspects of the application layer, but do not have their own operating system. They work to stall or confuse attackers so that organisation’s have more time to figure out how to properly react to an attack. High-interaction honeypots The high-interaction honeypots are the most sophisticated types of honeypots. It actually look like a same as the original and which gives the intruder or attacker the realistic experience andsothatwecangetmoreadvancedlogsabouttheattack andwe can analysis it. This type of honeypot allows the deploying organisation to see attacker behaviours and techniques. High- interaction honeypots are resource-intensive and come with maintenance challenges, but the findings can be worth the squeeze. B. Based on purpose Based on the purpose we can classify it two, • Research honeypots • Production honeypots Research honeypots Research honeypots are focused on gathering information about the attack, used specifically for the purposeoflearningabout hacking methodologies. Production honeypots Production honeypots, on the other hand, are focused primarily on diverting attacks from important systems. Information gathering is also very important, since the data can be used to furthersecurethereal productionsystems,aswell asforforensic or legal purposes.
  • 3. International Journal of Trend in Scientific Research and Development (IJTSRD) @ www.ijtsrd.com eISSN: 2456-6470 @ IJTSRD | Unique Paper ID – IJTSRD35900 | Volume – 5 | Issue – 1 | November-December 2020 Page 268 4. DECEIVING ATTACKER USING HONEYPOT Honeypots are decoy systems or servers deployed alongside production systems within our network. When deployed as enticing targets for attackers, honeypots can add security monitoringopportunitiesfor blueteamsandmisdirecttheadversary from their true target. Honeypots come in a variety of complexities depending on the needs of our organisation and can be a significant line of defence when it comes to flagging attacks early. Therearemanyapplicationsandusercasesforhoneypots,as they work to divert malicious traffic away from important systems, get an early warning of a current attack before critical systems are hit, and gather information about attackers and their methods. If the honeypots neither contain confidential data nor well-monitored, one can get insight on attacker tools, tactics,andprocedures(TTPs)andgatherforensicandlegal evidence without putting the rest of our network at risk. Figure 4.0 shows the steps in the deployment of a honeypot. Figure 4.0 Deployment of Honeypot 4.1. COMPONENTS Honeypot is basically divided into two components: server and sensor. Each component is designedwithcertaintechnologies. A. Server part includes the following: AWS Cloud The server part of honeypot is deployed in cloud platform. A web-service is enabled to get a user friendly dashboard, Resultor retrieved data from the sensor will be updated over there. Simple UI is designed for the webpage so that output can be easily accessed. Hp Feeds It is a light weight authenticated publish-subscribe protocol. It hasa simplewire-formatsothateveryoneisabletosubscribeto the feeds with their favourite language in almost no time. Mnemosyne This technology is used for efficient learning. Flash-card tool in mnemosyneoptimizes thelearning process.Mnemosyneusesa sophisticated algorithm to schedule the best time for a card to come up for review. Difficultcardsthatwetendtoforgetquickly will be scheduled more often, while Mnemosyne won't waste our time on things we remember well. HoneyMap HoneyMap is a web application which visualizes a live stream of GPS locations on a SVG world map. In principle, it can be used with any stream of GPS data. Programmers use captures from honeypot, provided by several hpfeeds from the Honeynet Mongo DB It is a cross-platform document oriented database program. Classifiedasa NoSQL databaseprogram,itisa documentdatabase, which means it stores data in JSON-like documents. Also known as an unstructured database. B. Sensor part includes the following: Snort Snort is open source, lightweight Network IDS for Linux and window to detect threats. Snort can do protocol analysis, content searching/matching, it is also used to detect attacks and probes.
  • 4. International Journal of Trend in Scientific Research and Development (IJTSRD) @ www.ijtsrd.com eISSN: 2456-6470 @ IJTSRD | Unique Paper ID – IJTSRD35900 | Volume – 5 | Issue – 1 | November-December 2020 Page 269 Dionaea It is used to trap malware exploiting vulnerabilities exposed by service offered to networks. The action is to trap or exploit malware that attacks the tissue, and its main purpose is to obtain a copy of the malware. Conpot It is a low interactive server-side Industrial Control Systems honeypot designed to be easy to deploy, modify and extend. By providing a range of common industrial control protocols. Protocol stacks and templates are created so that Conpot can resemble a real hardware (Uranium centrifuge, Power grid, Aircraft carrier etc.). Amun Anum is a lightweight and flexible low-interaction honeypot, which is made to capture malware that spreads by exploiting server based vulnerabilities. In our system amun tries to put Drupal (ContentManagementSystem)asbaitinfrontof attackers. 4.2. SYSTEM ARCHITECTURE Honeypot comprises of server and sensor side components. Sensor-side honeypots are a combination of different kinds of honeypots which are deployed for specific tasks. On the other hand, Server-side honeypots deal with the data retrievedbythe sensors for output representation. Rather than being a single system, a combination of multiple honeypots deployed in a network is called Honeynet. Figure 4.2 shows the honeypot architecture. In the sensor, honeypot captures all traffic which comes to the environment. Each honeypot captures different kinds of attack for which it is designed. Alertfromthesensor will be sent to the server module. Each sensor is embedded with a network scanner and IP tracker. Figure 4.2 Architecture of Honeypot Sensors are hosts in a system or cloud or Raspberry Pi. Server is hosted in a cloud platform so that it won't be shut down during power failure. Cloud is economicandhasa vast storage space. Alert received from the sensor is inthebinary format, Hpfeeds converts the binary format into readable language. Output delivered from Hpfeeds will be stored in the Mongo database using a learning tool Mnemosyne.Snort contains certain ruleswhichareconsideredasparametersto detect malicious content in network traffic. Dashboard or UI provided in the web application which is hosted on the server. Honeymap provide a livestreamingoffGPSlocations. 5. Results and Analysis Deployed server records all the input provided from the sensors which consist of multiple honeypots. Each sensor captures specific kind of attacks,storedlogsanddisplayedin dashboard which is provided in the web service hosted on the server. The different sensors and the corresponding attack reports are discussed below: 5.1. Dionaea Dionaea sensor (deployed in cloud) with public DNS (IPv4) 54.209.14.173 captures malware attack from Columbia, Russia, France, USA, Brazil etc. Detailed explanation of source IP, Destination ports, Protocol through the attack mitigated and date and time of attack capture are given in figure 5.1. The countries are represented by their national flags. Figure 5.1 5.2. Amun The attack report of Amun sensor is shown in figure5.2. The attackers targeted the famous ports like 445 (HTTPS), 8080 (HTTP Alternate), 23 (Telnet), 587 (SMTP) and penetrate into Amun sensor using Microsoft-ds, Submission, Telnet, http-alt etc. Sensor has hosted in network IP 172.31.40.145
  • 5. International Journal of Trend in Scientific Research and Development (IJTSRD) @ www.ijtsrd.com eISSN: 2456-6470 @ IJTSRD | Unique Paper ID – IJTSRD35900 | Volume – 5 | Issue – 1 | November-December 2020 Page 270 and it been targeted by Eagle eyes from China, USA, India, Taiwan etc. Content Management System (CMS) and Drupal service is provided in this sensor, which helps to analyse the targeted attacks and tactics. Figure 5.2 5.3. Cowrie Cowrie is the same as Kippo which is used to capture the brute-force attack and enumerate the strength of it or in other how many combination attackers tried in this attack. Usually this attack targets port 22 (SSH). The figure 5.3 shows the attacks from Macedonia, Russia andFrancewhich is captured in common. Figure 5.4 shows the number of combinations of password used in an attempt. The attacker with source IP 85.209.0.100 tries single combinations of password at a time, this shows the strength of brute-force attack is low. Figure 5.3 Attack report of Cowrie Figure 5.4 Strength of Brute-force attacks in Cowrie 5.4. Snort Snort is a popular IDS system which helps to block all the malicious traffic. Usually snort consists of certain rules which contain popular malware signatures which helps it to identify the malicious content of traffic. Figure 5.5 depicts the source of attack which is scattered in Russia, China, Germany, France etc. They tried to penetrate through different ports, but they followedthesameprotocol.Because malicious IPs, signatures and its traffic are blacklisted already, IDS defends and blocks the traffic from those IPs. Figure 5.5 Attack report of Snort Snort rules are a different methodology for performing detection. It is based on detecting the actual vulnerability. Figure 5.6 Snort Rules Snort rules are depicted in figure 5.6. The keywords in the figure are explained below: SID is used to uniquely identify Snort rule REV is used to uniquely identify revisions of Snort rules Class Type is used to categorize a rule as detectinganattack that is part of a more general type of attack class Reference allows the rules to include references to external sources of information It is considered that snort id is a unique identifier for each rule. It allows output plugins to identify rules easily and should be used with the Rev (revision) keyword. 5.5. Conpot The Conpot results in figure 5.7 concludesthatthesekindsof attacks are rare, but strong enough to break into bigger attacks. It captures logs from port 502 (TCP/UDP). The USA is the leading source in this attack where France, Switzerland and Canada hold the corresponding positions.
  • 6. International Journal of Trend in Scientific Research and Development (IJTSRD) @ www.ijtsrd.com eISSN: 2456-6470 @ IJTSRD | Unique Paper ID – IJTSRD35900 | Volume – 5 | Issue – 1 | November-December 2020 Page 271 According to the pattern observed from the report, the source locations are clustered. Figure 5.7 Attack report of Conpot 5.6. Honeymaps Honeymap is a web application which visualizes a live stream of GPS locations on a SVG world map. It can be used with any stream of GPS data which will provide actual latitude and longitude value as it is given in figure 5.8. Figure 5.8 Honey map 6. CONCLUSION Once the honeypot management system is implemented, all the honeypots managed to outwit the attackers by opening ports on a server that turned these ports into a hoax are cleared to record the suspicious activities of the attackers. Although the action of intrusion into the system is not optimal, the results are displayedonthewebinterface which could complement each other in providing information to administrators for further action. Honeypots like Amun, Dionaea, Cowrie, Snort and Conpot are managed to deceive the attackers by opening ports in servers that are often targeted by attackers. 7. FUTURE ENHANCEMENT Malware analysis can also be embedded into this system. Captured signatures of malware as reference an improved supervised learning can implement in future which can improve the system as well as fasten the entire process. 8. REFERENCES [1] Haris Semic and Sasa Mrdovic,"IoThoneypot:a multi- component solution for handling manual and Mirai- based attacks”, IEEE Open Access Journal, vol.6, November 2017. [2] Muhammet Baykara and Resul Das, “A novel honeypot-based security approach for real-time intrusion detection and prevention systems”, Journal of Information Security and Applications, vol.41, December 2018. [3] Jicha, Arthur, Mark Patton, and Hsinchun Chen. "SCADA honeypots: An in-depth analysis of Conpot", IEEE conference on intelligence and security informatics (ISI). IEEE, 2016. [4] M. S. Durairajan, R. Saravanan and S. Sibi Chakkaravarthy, “Low interaction honeypot: a defense against cyber-attacks”, Journal of Computational and Theoretical Nanoscience, vol.13, January 2016. [5] Feng, X., Li, Q., Wang, H., & Sun, L. "Characterizing industrial control system devices on the internet”, IEEE 24th International Conference on Network Protocols (ICNP), 2016. [6] Rushikesh Katkam “Study on Honeypot based secure Network System”, International Journal of Advanced Research in Computer Science, vol.10, November 2019. [7] https://blog.rapid7.com/2016/12/06/ [8] www.honeynet.org/projects/active/conpot/ [9] www.honeynet.org/projects/active/dionaea/ [10] https://www.kaspersky.com/resource-center [11] www.honeynet.org/projects/active/honeytrap/