International Journal of Engineering
Trends and Technology

Research Article | Open Access

Volume 3 | Issue 5 | Year 2012 | Article Id. IJETT-V3I5P212 | DOI : https://doi.org/10.14445/22315381/IJETT-V3I5P212

An Advanced Honeypot System for Efficient Capture and Analysis of Network Attack Traffic


Balaji Darapareddy, Vijayadeep Gummadi

Citation :

Balaji Darapareddy, Vijayadeep Gummadi, "An Advanced Honeypot System for Efficient Capture and Analysis of Network Attack Traffic," International Journal of Engineering Trends and Technology (IJETT), vol. 3, no. 5, pp. 616-621, 2012. Crossref, https://doi.org/10.14445/22315381/IJETT-V3I5P212

Abstract

A honeypot is an information system resource used to divert attackers and hackers away from critical resources, as well as a tool to study an attacker's methods. One of the most widely used tools for creating honeypots is honeyd. The logs generated by honeyd can grow very large when there is heavy attack traffic in the system, thus consuming a lot of disk space. The huge log size makes the logs difficult for security analysts to process and analyze, as doing so consumes a lot of time and resources. We propose a system which addresses these issues. It has two important modules. The first module captures packets in the network, i.e. either LAN or web. The second module is an analyzer that processes the captured packets in order to generate summarized captured packet information and graphs for the security administrators. This application also monitors packet information regarding web traffic. The experimental results show that the space required by the log file reduces significantly and that reports are generated dynamically as per user needs.


Keywords

An Advanced Honeypot System, Efficient Capture, Honeypot.

