An Advanced Honeypot System for Efficient Capture and Analysis of Network Attack Traffic

International Journal of Engineering Trends and Technology (IJETT)

© 2012 by IJETT Journal
Volume-3 Issue-5
Year of Publication : 2012
Authors : Balaji Darapareddy, Vijayadeep Gummadi

Citation 

Balaji Darapareddy, Vijayadeep Gummadi. "An Advanced Honeypot System for Efficient Capture and Analysis of Network Attack Traffic". International Journal of Engineering Trends and Technology (IJETT). V3(5):616-621 Sep-Oct 2012. ISSN:2231-5381. www.ijettjournal.org. Published by Seventh Sense Research Group.

Abstract

A honeypot is an information system resource used to divert attackers and hackers away from critical resources, as well as a tool to study an attacker's methods. One of the most widely used tools for creating honeypots is honeyd. The logs generated by honeyd can grow very large when there is heavy attack traffic, consuming a lot of disk space. Such large logs are difficult for security analysts to process and analyze, since doing so consumes a lot of time and resources. We propose a system which addresses these issues. It has two important modules. The first module captures packets on the network, i.e. either LAN or web traffic. The second module analyzes the captured packets in order to generate summarized packet information and graphs for security administrators. The application also monitors packet information regarding web traffic. The experimental results show that the space required by the log file is reduced significantly and that reports are generated dynamically according to user needs.
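The second module described above condenses honeyd's raw packet log into per-service and per-source counts, so that an analyst reads a short report instead of the full log. The Python below is an added example written for this page, not the authors' system. The sample lines are constructed to follow the layout of honeyd's packet log (timestamp, protocol, an S/E/- start/end/single-packet flag, source, destination, and optional trailing byte counts), which is an assumption about that format; the function names are mine.

```python
"""Summarise a honeyd-style packet log into compact per-service / per-source counts."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Constructed sample in honeyd's packet-log layout (layout assumed from the tool's
# documentation). These lines are made up for the example, not captured traffic.
SAMPLE_LOG = """\
2012-09-01-10:00:01.0001 tcp(6) S 203.0.113.5 40001 10.0.0.2 22
2012-09-01-10:00:01.0500 tcp(6) S 203.0.113.5 40002 10.0.0.2 22
2012-09-01-10:00:02.0002 tcp(6) S 203.0.113.5 40003 10.0.0.2 22
2012-09-01-10:00:03.1200 udp(17) - 198.51.100.7 5000 10.0.0.2 53: 48
2012-09-01-10:00:04.0003 tcp(6) S 203.0.113.9 51000 10.0.0.3 80
2012-09-01-10:00:04.0100 tcp(6) E 203.0.113.9 51000 10.0.0.3 80: 120 340
2012-09-01-10:00:05.0000 icmp(1) - 198.51.100.7 10.0.0.2: 8(0): 56
"""


@dataclass
class Event:
    ts: str
    proto: str            # tcp, udp or icmp
    flag: str             # 'S' connection start, 'E' connection end, '-' single packet
    src: str
    sport: Optional[int]  # None for icmp
    dst: str
    dport: Optional[int]  # None for icmp
    nbytes: int           # sum of trailing byte counts, 0 when none are logged


def parse_line(line: str) -> Optional[Event]:
    """Parse one log line; return None for anything that does not match the layout."""
    parts = line.split()
    if len(parts) < 5:
        return None
    m = re.fullmatch(r"(tcp|udp|icmp)\(\d+\)", parts[1])
    if m is None or parts[2] not in ("S", "E", "-"):
        return None
    proto, flag = m.group(1), parts[2]
    if proto == "icmp":
        # icmp lines carry no ports: "icmp(1) - src dst: type(code): size"
        src, dst, sport, dport = parts[3], parts[4].rstrip(":"), None, None
        tail = parts[5:]
    else:
        if len(parts) < 7:
            return None
        src, dst = parts[3], parts[5]
        try:
            sport, dport = int(parts[4]), int(parts[6].rstrip(":"))
        except ValueError:
            return None
        tail = parts[7:]
    # Trailing integers are byte counts (packet size on '-' lines, totals on 'E' lines).
    nbytes = sum(int(t) for t in tail if t.isdigit())
    return Event(parts[0], proto, flag, src, sport, dst, dport, nbytes)


def summarize(log_text: str) -> dict:
    """Aggregate a whole log. 'E' lines add bytes but are not counted as new connections."""
    by_service: Counter = Counter()
    by_source: Counter = Counter()
    events = connections = total_bytes = unparsed = 0
    first = last = None
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ev = parse_line(raw)
        if ev is None:
            unparsed += 1          # kept as a count so format drift is visible, not silent
            continue
        events += 1
        total_bytes += ev.nbytes
        first, last = first or ev.ts, ev.ts
        if ev.flag in ("S", "-"):
            connections += 1
            by_service[(ev.proto, ev.dport)] += 1
            by_source[ev.src] += 1
    return {"events": events, "connections": connections, "bytes": total_bytes,
            "unparsed": unparsed, "first": first, "last": last,
            "by_service": by_service, "by_source": by_source}


def render_summary(s: dict) -> str:
    """Produce the compact text report an administrator would read instead of the log."""
    out = [f"window {s['first']} .. {s['last']}",
           f"events {s['events']} connections {s['connections']} "
           f"bytes {s['bytes']} unparsed {s['unparsed']}", "by service:"]
    for (proto, dport), n in s["by_service"].most_common():
        out.append(f"  {proto}/{dport if dport is not None else '-'} {n}")
    out.append("by source:")
    for src, n in s["by_source"].most_common():
        out.append(f"  {src} {n}")
    return "\n".join(out) + "\n"


def size_reduction(log_text: str) -> tuple:
    """Return (raw log bytes, summary bytes) so the space saving can be measured."""
    raw = len(log_text.encode())
    summ = len(render_summary(summarize(log_text)).encode())
    return raw, summ


if __name__ == "__main__":
    print(render_summary(summarize(SAMPLE_LOG)))
    print("raw vs summary bytes:", size_reduction(SAMPLE_LOG))
```

On a real deployment the same aggregation would run over a rolling window (for example each hour) and the raw log for that window would be rotated out once the summary is written; the `unparsed` counter is worth alerting on, because a honeyd version change or a corrupted file will otherwise drop events without anyone noticing.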
