CFP last date
20 June 2024
Reseach Article

Design and Implementation of a Medium Interaction Honeypot

by Ayeni O. A, Alese B. K, Omotosho L. O.
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 70 - Number 22
Year of Publication: 2013
Authors: Ayeni O. A, Alese B. K, Omotosho L. O.
10.5120/12197-8136

Ayeni O. A, Alese B. K, Omotosho L. O. . Design and Implementation of a Medium Interaction Honeypot. International Journal of Computer Applications. 70, 22 ( May 2013), 5-10. DOI=10.5120/12197-8136

@article{ 10.5120/12197-8136,
author = { Ayeni O. A, Alese B. K, Omotosho L. O. },
title = { Design and Implementation of a Medium Interaction Honeypot },
journal = { International Journal of Computer Applications },
issue_date = { May 2013 },
volume = { 70 },
number = { 22 },
month = { May },
year = { 2013 },
issn = { 0975-8887 },
pages = { 5-10 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume70/number22/12197-8136/ },
doi = { 10.5120/12197-8136 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T21:33:31.227368+05:30
%A Ayeni O. A
%A Alese B. K
%A Omotosho L. O.
%T Design and Implementation of a Medium Interaction Honeypot
%J International Journal of Computer Applications
%@ 0975-8887
%V 70
%N 22
%P 5-10
%D 2013
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Security in computing world is a serious issue and must be handle with utmost care, hence the need to always protect and secure our networks as more and more business are been conducted through the internet. The expansion of the World Wide Web has given unlimited access to attackers to prey on ignorant administrator who lacks basic knowledge of network security. Vulnerabilities in common security components such as firewalls, security patches, access control and encryption are inevitable, so hackers take advantage of these loopholes to break into computer networks. This paper presents the result of a research that was carried out using a medium interaction honeypot, a virtual machine ware workstation, snort software and entropy-based model for capturing, analyzing and detection of malicious traffic targeted at the network. A ring topology network of three system was design using virtual machine work station, a Snort software was installed on all the three machine to capture traffic on the network and entropy-based mathematical analysis was conducted on the traffic to detect attack/malicious traffic. The entropy H(x) = –?_(i=1)^N??(P_i )*? log_2 (P_i) where Pi = N_i/S. N is a set of positive integer that represent the total number of server on the network, n_i represent the size of the traffic in bytes and S represent the total length of the traffic that constitute the traffic. The result of the research work shows detection of malicious traffic and also limit the rate of denial of service targeted at the network.

References
  1. A. Lakhina, M. Crovella, and C. Diot, "Mining Anomalies Using Traffic Feature Distributions," ACM SIGCOMM, 2005.
  2. A. Sardana and R. C. Joshi, "Simulation of Dynamic Honeypot Based Redirection to Counter Service level DDoS Attacks". In Proceedings of ICISS 2007, Springer LNCS 4812, pp. 259–262, 2007.
  3. Anjali Sardana, Krishan Kumar and R. C. Joshi, "Detection and Honeypot Based Redirection to Counter DDoS Attacks in ISP Domain" In Proceedings of IEEE Third International Symposium on Information Assurance and Security. Manchester, UK, pp. 191-196, Aug 2007
  4. . Anjali Sardana and R. C. Joshi1 An Integrated Honeypot Framework for Proactive Detection, Characterization and Redirection of DDoS Attacks at ISP level, 2008
  5. S. Bellovin (1992). "There be dragons". Proceedings of the Third Usenix Security Symposium, Baltimore MD.
  6. . B. Stephan, "Optimal filtering for denial of service mitigation," In Proceedings of the 41st IEEE Conference on Decision and Control, 2002, Vol. 2, pp. 1428 – 1433, Dec. 2002. CERT Statistics http: //www. cert. org/starts/cert
  7. B. Cheswick (1992). An evening with Berferd in which a cracker is lured, endured, and studied. Proceedings of the Winter USENIX Conference, San Francisco
  8. Christian Döring: Improving network security with Honeypots, pages B34-B36, Master's thesis University of Applied Sciences Darmstadt, Department of Informatics, 2005
  9. Clifford Stoll: The Coocoo's egg, Pocket Books 1990
  10. C. M. Cheng, H. T. Kung, and K. S. Tan, "Use of spectral analysis in defense against DoS attacks". In Proceedings of IEEE GLOBECOM 2002, pp. 2143-2148, 2002.
  11. Eric Peter, epeter(at)wustl(dot)edu and Todd Schiller, tschiller(at)acm(dot)org (A project report written under the guidance of Prof Raj Jain). A practical guide to honeypot.
  12. [ForeScout02] ForeScout Technologies. "Beyond Detection: Neutralizing Attacks Before They Reach the Firewall". Summer 2002
  13. [ForeScout04] ForeScout Technologies, Inc. January 2004. [http://www. forescout. com/]
  14. J. Mirkovic, J. Martin ,and P. Reiher, "A Taxonomy of DDoS Attacks and DDoS Defense Mechanisms". Technical Report 020018, Computer Science Department, University of California, LosAngeles,2002.
  15. Johansson, Karsten. "Offensive Operations Model". KSAJ Inc. August 2001. [http://www. penetrationtest. com/]
  16. K. J. Houle, G. M. Weaver, N. Long, and R. Thomas. "Trends in denial of service attack technology". Technical Report Version 1. 0, CERT Coordination Center, Carnegie Mellon University, 2001.
  17. K. J. Ioannidis, and S. M. Bellovin, "Implementing Pushback: Router-Based Defense against DDoS Attacks". IEEE INFOCOMM, 2003.
  18. L. Spitzner: "Honeypots, Tracking Hackers", pages 239-240, Addison-Wesley 2002
  19. M. Roesch: Martin Roesch, Snort – Intrusion Detection and Prevention System, http://www. snort. org/, Sourcefire Inc.
  20. M. Roesch, "Snort—Lightweight Intrusion Detection for Networks". In Proceedings of USENIX Systems Administration Conf. (LISA '99), Nov. 1999.
  21. National Institute of Standards and Technology (NIST)"Guidelines on firewalls and firewall policy" January 2002
  22. Nor Badrul Anuar, Omar Zakaria, and Chong Wei Yao University of Malaya, Kuala Lumpur MY Honeypot through Web: The emerging ofsecurity application integration.
  23. P. Dewan, P. Dasgupta, and V. Karamcheti. "Defending against Denial of Service attacks using Secure Name resolution", 2003
  24. [PPC97] Pfleeger, P. Charles. "Security in Computing". Prentice Hall PTR. Second Edition. p 3. 1997
  25. . Rafeeq Ur Rehman, 2003. Advanced IDS Techniques Using Snort, Apache, MySQL, PHP, and ACID
  26. R. B. Blazek, H. Kim, B. Rozovskii, and A. Tartakovsky, "A novel approach to detection of denial of-service attacks via adaptive sequential and batch sequential change-point detection methods". In Proceedings of IEEE Systems, Man and Cybernetics Information Assurance Workshop, 2001
  27. Saleh Ibrahim Bakr Almotairi. Using honeypots to analyse Anomalous internet activities.
  28. Spitzner, Lance. Honeypots: Tracking Hackers. Addison-Wesley Professional,2002. An older book providing a comprehensive discussion of honeypots. Includes an in-depth treatment of 6 available honeypots
  29. Spitzner, L. Honeypots – Tracking Hackers. Addison-Wesley, 2003. ISBN 0-321-10895-7.
  30. Spitzner, L. Honeypots: Are they illegal? Security Focus, Infocus (June 2003). http://www. securityfocus. com/infocus/1703.
  31. Spitzner, L. Honeypots: Catching the insider threat. In proceedings of the 19th Annual Computer Security Applications Conference (ACSAC) (2003), pp. 170–179.
  32. Stoll, C. (1998). Stalking the wiley hacker. Comunications of the ACM, 31(5), 484- 497
  33. The Honeynet Project: Research alliance, http://www. honeynet. org,non-profit Honeypot research organization, 1999
  34. The Honeynet Project. Know Your Enemy: Sebek - a kernel based data capture tool, Nov. 2003. http://www. honeynet. org/papers/ sebek. pdf
  35. Y. Xiang and W. Zhou. "Classifying DDoS packets in high-speed networks", In International Journal of Computer Science and Network Security, Vol. 6, No. 2B, February 2006
  36. [BaS]. Bait and Switch Honeypot. http://baitnswitch. sourceforge. net/.
  37. [CVE] CVE – Common Vulnerabilities and Exposures. http://cve. mitre. org.
  38. [HNET] The HoneyNet Project. http://www. honeynet. org.
  39. [LOBSTER] LOBSTER-Large-scale Monitoring of Broadband Internet Infrastructures. http://www. ist-lobster. org/.
  40. [SEBEK] Sebek - A data capture tool. http://www. honeynet. org/tools/sebek.
  41. [SNORT] Snort - A network intrusion detection system. http://www. snort. org.
  42. A virtual Honeypot framework, Niels provos Google, Inc. niel@google. com
Index Terms

Computer Science
Information Sciences

Keywords

honeypot security Network traffic & detection