Mitigating Computer Attacks in a Corporate Network using Honeypots: A Case Study of Ghana Education Service

International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Year of Publication: 2018
Authors:
Promise R. Agbedanu, J. B. Hayfron-Acquah, F. Twum
DOI: 10.5120/ijca2018916836

Promise R Agbedanu, J B Hayfron-Acquah and F Twum. Mitigating Computer Attacks in a Corporate Network using Honeypots: A Case Study of Ghana Education Service. International Journal of Computer Applications 180(32):18-22, April 2018. BibTeX

@article{10.5120/ijca2018916836,
	author = {Promise R. Agbedanu and J. B. Hayfron-Acquah and F. Twum},
	title = {Mitigating Computer Attacks in a Corporate Network using Honeypots: A Case Study of Ghana Education Service},
	journal = {International Journal of Computer Applications},
	issue_date = {April 2018},
	volume = {180},
	number = {32},
	month = {Apr},
	year = {2018},
	issn = {0975-8887},
	pages = {18-22},
	numpages = {5},
	url = {http://www.ijcaonline.org/archives/volume180/number32/29250-2018916836},
	doi = {10.5120/ijca2018916836},
	publisher = {Foundation of Computer Science (FCS), NY, USA},
	address = {New York, USA}
}

Abstract

Computer and network security is becoming not only more significant to industry players but also more complex when it comes to mitigating sophisticated cyber-attacks. It is essential for developers, systems administrators, and web administrators to develop and manage systems that can stand the test of time as far as computer and network attacks are concerned. A hybrid honeypot was deployed in the network setup of the Ghana Education Service. The honeypot setup was made up of the Valhalla honeypot and honeyd (low-interaction honeypots), Cowrie (medium-interaction honeypot), Windows and two Ubuntu operating systems implemented on real systems (high-interaction honeypot), and Snort. This research goes a step further to collect the attack data and analyse it. The attacks launched against the honeypots deployed in the network were port scanning, SSH brute-force attacks, HTTP authentication brute-force attacks, SQL injection, and spam. The honeypots received 5061 attack connections from October to December 2017. The majority of the attack connections were TCP-based, accounting for 2851 of the total attack connections. The results of this work also show that honeyd received 36% of the total attacks launched against the honeypots.

Keywords

Computer security, Network Security, Honeypots.