Survey on a network for protecting from malicious usage

Survey on Security using Honeypot

Ashka Ashani1, Deesha Nirmal2, Viral Doshi3, Nikita Patil4
1Student, Department of Computer Engineering, Atharva College of Engineering, Mumbai, India
2Student, Department of Computer Engineering, Atharva College of Engineering, Mumbai, India
3Student, Department of Computer Engineering, Atharva College of Engineering, Mumbai, India
4Assistant Professor, Department of Computer Engineering, Atharva College of Engineering, Mumbai, India

Abstract: With recent advances in cyber attacks and readily available internet connections, security has become more and more of an issue. Here, honeypots can be used to ensure security. A honeypot uses deception to trap the attacker and also logs details about the attacker. The purpose of this paper is to give an in-depth idea of what a honeypot is and how it can be deployed on a network to protect sensitive data from malicious usage. It also focuses on the various attacks that can occur on the system.

Keywords – Honeypot, Honeynet, Intrusion detection system.

Introduction

Technology and human dependency on it are increasing rapidly. Apart from this, the number of devices connected to a network is also at its peak. With these ever-changing technologies, threats are also increasing day by day. Therefore, for any network administrator it becomes of the utmost necessity to protect the systems and system data on a network from attackers.

There may be many loopholes in a network. A hacker tries to detect these vulnerabilities in the network and then attacks it in order to gain access to important and confidential information stored on the network. The hacker can also manipulate sensitive information or delete important records. Hackers can use various types of attacks, such as denial of service attacks, brute force attacks, phishing attacks, IP spoofing and many more.
These potential attacks can manipulate the system data or use it for malicious activities. Various technologies have been developed for protecting systems from these attacks. One such technology is the Intrusion Detection System (IDS). The Intrusion Detection System runs in the background, monitors the system and detects any malicious activities on it. Intrusion detection systems can be classified into two types: one which just notifies or alerts the network administrator about any intrusion detected, and another which lets the network administrator take action against the intruder. However, an IDS does not obtain information about the attackers. Another drawback of the Intrusion Detection System is that, in case of heavy traffic on the network, it is difficult to determine which packets are deviated. Intrusion detection systems are mainly suitable for small scale networks where preventing data breaches is a secondary purpose.

A honeypot is a system which is deployed on a network in order to detect malicious activities and protect the system from various attacks. The honeypot detects malicious activities and tries to deceive the attacker. The attacker thinks that the system being attacked is a real system, whereas it is a trap created by the honeypot. In this process the honeypot tries to obtain information about the attacker and also protects the network from the attacks. In other terms, a honeypot is basically a decoy or a trap.

This paper gives an overview of the honeypot and its application in real time systems. The objective of this paper is to represent the various trends and opportunities for honeypot researchers.

Basic theory

A honeypot is a machine or a system that is usually designed with the aim of detecting and trapping any attempt to penetrate into an experimental system. It acts as a masquerade to the attacker.
If the attacker breaks into the system or server, the honeypot, which resembles the original server, takes the attack, while the actual system remains safe and untouched as a server behind the honeypot. Inexperienced attackers tend to think that they have easily managed to hack the system / server. However, all actions, tools, and techniques used in the attack have been recorded for study by the system administrator concerned, through the data and information presented by the honeypot.

Fig 1.1 Basic Working of Honeypot System

Fig 1.1 shows the basic working of a honeypot system. Any malicious user will be redirected to a fake server so that the actual network remains unaffected. Similarly, legitimate users of the network will be able to access network services, as they won't be redirected to the honeypot trap.

According to their use and their involvement, honeypots can be classified as production and research honeypots.

Production Honeypot – Production honeypots are primary honeypots which can detect the attacks and provide a warning to the attackers. These types of honeypots are easy to deploy and provide the least information about the attacks and attackers.

Research Honeypot – Research honeypots are high level honeypots which are used by researchers or professionals. These honeypots are capable of logging information about the intruder as well as the techniques used by the intruder. These honeypots gather as much information as possible. They provide information which can be used for statistical study or investigation.

Level of Interaction

A honeypot can be implemented at three different levels depending upon its interaction and its way of handling network security.

Low level interaction: A honeypot designed to operate at low level interaction is the simplest honeypot. A low level interaction honeypot just tries to record or log information about the attacker.
But the drawback here is that the attacker can easily recognize a honeypot at this level.

Medium level interaction: As compared to a low level honeypot, a medium level honeypot cannot be recognized easily. Medium level honeypots are more complex than low level interaction honeypots but long-delayed.

High level interaction: High level interaction honeypots are complex to set up as they involve a real time operating system. A honeypot at this level misguides the hacker to a fake system.

Honeynet

When many honeypots are deployed on a network, the set is known as a honeynet. Typically, a honeynet is used for monitoring a more diverse network in which one honeypot may not be sufficient. The purpose of a honeynet is to better understand the hacker's behavior and methodologies. Honeynets allow the hacker to be easily identified.

Proposed System

The purpose of the proposed system is to design a honeypot on a network and check its efficiency by attacking it. Following are the steps of the extraction procedure of the honeypot.

1. Identify any attack on the system and log source and target information.
2. Redirect the intruder to the honeypot.
3. Extract the attacker's information.
4. Ban the attacker from the network.
5. Generate records and statistical data.

Conclusion

As our dependence on computers and networks constantly increases, comprehensive network security is of tremendous importance. A first requirement for better protecting network assets is to gain a detailed understanding of malicious threats. There are innumerable options available today to access sensitive information maliciously. Therefore, to counter such attacks, the concept of the honeypot was invented precisely to fill this task. This system gave us an opportunity to study honeypot and IDS systems in detail. It is important for organizations to secure their digital assets by detecting and preventing vulnerabilities before they are exploited. A honeypot system generates fewer alarms than an IDS.
Hence it can be concluded that a combination of honeypot and intrusion detection system can suitably be used as the most efficient system to ensure system security.

Acknowledgement

We gratefully acknowledge the assistance provided to us by the following authorities in the completion of our project titled "SECURITY USING HONEYPOT." We take this opportunity to express our profound gratitude and deep regards to our guide, Prof. Nikita Patil. Despite her immensely busy work schedule, we never found any of our requests for help and guidance being turned down. We are sincerely grateful to her for her exemplary guidance, monitoring and constant encouragement throughout the course of this project. We would like to take the opportunity to thank the Head of the Department of Computer Engineering, Prof. Mahindra Patil, for permitting us to pursue this project. A number of people contributed their time and efforts in making this project a success. We would like to thank everyone who contributed their effort and shared their time for our work and encouraged us to continue. In particular, we are greatly indebted to our guide for her valuable suggestions and moral support, without which this project would not have been possible. Last but not least, we are thankful to our friends who inspired and encouraged us throughout.
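The steps listed under Proposed System can be sketched as a minimal low-interaction decoy in Python. This is an added example, not code from the paper or the authors' project: it logs source and target, keeps what the client sent, bans repeat sources and produces statistics. The class and function names, the threshold of 3, port 2222 and the in-memory ban set are assumptions, and redirection of suspicious traffic to the decoy is assumed to happen upstream in the network.

```python
import asyncio
import collections
import time

BAN_THRESHOLD = 3  # assumed policy: ban a source after this many logged hits

class HoneypotLog:
    """Log source/target, keep what was sent, ban repeat sources, summarise."""
    def __init__(self, threshold=BAN_THRESHOLD):
        self.threshold, self.events, self.banned = threshold, [], set()

    def record(self, src_ip, src_port, dst_port, payload, now=None):
        if src_ip in self.banned:  # already banned: nothing more is logged
            return False
        self.events.append({"ts": time.time() if now is None else now,
                            "src_ip": src_ip, "src_port": src_port, "dst_port": dst_port,
                            "payload": payload[:256].decode("latin-1")})  # cap stored bytes
        hits = sum(1 for e in self.events if e["src_ip"] == src_ip)
        if hits >= self.threshold:
            self.banned.add(src_ip)  # a real deployment would push a firewall rule here
        return src_ip not in self.banned  # True while the source is still allowed

    def stats(self):
        per_src = collections.Counter(e["src_ip"] for e in self.events)
        per_port = collections.Counter(e["dst_port"] for e in self.events)
        return {"events": len(self.events), "per_source": dict(per_src),
                "per_port": dict(per_port), "banned": sorted(self.banned)}

async def handle(reader, writer, log, dst_port):
    """Decoy service: read whatever the client sends first, log it, hang up."""
    src_ip, src_port = writer.get_extra_info("peername")[:2]
    if src_ip not in log.banned:
        try:
            data = await asyncio.wait_for(reader.read(1024), timeout=5)
        except asyncio.TimeoutError:
            data = b""
        log.record(src_ip, src_port, dst_port, data)
    writer.close()

async def main(port=2222):  # port 2222 is an arbitrary choice for the decoy
    log = HoneypotLog()
    server = await asyncio.start_server(
        lambda r, w: handle(r, w, log, port), "127.0.0.1", port)
    async with server:
        await server.serve_forever()

if __name__ == "__main__":
    asyncio.run(main())
```

Because nothing legitimate should ever connect to the decoy, every logged event is a candidate alert, which is why the ban threshold can be kept low.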