ADVANCED HONEYPOT ARCHITECTURE FOR NETWORK THREATS QUANTIFICATION

Type: Project Materials | Format: Ms Word | Attribute: Documentation Only | Pages: 70 Pages | Chapters: 1-5 chapters | Price: ₦ 3,000.00

1,278 marked this research material reliable.
Call or whatsapp: +2347063298784 or email: info@allprojectmaterials.com
ADVANCED HONEYPOT ARCHITECTURE FOR NETWORK THREATS QUANTIFICATION

CHAPTER ONE

1.1.         INTRODUCTION

In the era of information and technology, computer security is a topic that swiftly advances. Over the past few years, as the number of inter-connected systems has rapidly increased, the threat landscape evolved just as fast. As the number of complex attacks on computer networks has increased, the demand for improved early warning detection solutions and better countermeasures that prevent adversaries to gain access to computer systems have appeared. The traditional approach to information security has been defensive throughout the years, but new strategies in more aggressive forms appear to supplement the existing methods. The current state-of-the-art solution involves the use of various honeypots typically grouped into honeynets or honeyfarms, which aim to help security experts learn from the attacks and improve the security of their systems.

The aim of this thesis is to introduce the reader to the world of honey-pots, present an overview of the functionalities such systems provide and explain the concepts behind them. Furthermore, this paper will de-scribe the implementation process of a standalone honeypot software solution created in the scope of this work. The honeypot framework will supplement the current solutions and add new features to the existing Honeyd design. The improvements aim to modernize Honeyd’s model by providing new logging capabilities, easier deployment methods and enhancing its proxy functionality.

 

 

1.2.         BACKGROUND OF THE STUDY

Today''s world increasingly relies on computer networks. The use of network resources is growing and network infrastructures are gaining in size and complexity. This increase is followed by a rising volume of security problems. New threats and vulnerabilities are found every day, and computers are far from being secure. In the first half of 2008, 3,534 vulnerabilities were disclosed by vendors, researchers and independents [42]. Between 8 and 16% of these vulnerabilities were exploited the day they were released by malicious programs [42]. The consequences affect users and companies at critical levels, from privacy issues to financial losses [68].

To address this concern, network operators and security researchers have developed and deployed a variety of solutions. The goal of these solutions is two-fold: first to monitor, and second to protect network assets. Monitoring allows researchers to understand the different threats. Data are being collected to better characterize and quantify malicious activity. The goal of this dissertation is to introduce an innovative framework to better measure malicious threats in the organization network. The framework is based on a flexible hybrid honeypot architecture that we integrate with the organization network using network flows.

Honeyd was a widely used honeypot, but since its maintenance has been neglected, its popularity has decreased. Honeyd is capable of simulating an arbitrary network topology and deceiving attackers by emulating services that appear legitimate to popular scanning and fingerprinting tools such as Nmap. Honeyd can also play the role of a proxy, which allows the honeypot to forward network connections to a different machine.

Honeyd achieves this by acting as a Man-in-the-middle, but this result that attacker-related information is lost during the transmission and the origin of the attack on the target ma-chine becomes the Honeyd server. The primary goal of this thesis is to develop a honeypot that provides the core functionalities of Honeyd tailored to current security trends. Another intention of the thesis is to improve the proxy functionality and logging capabilities of Honeyd.

In our honeypot solution, we address the issue of losing attack-related information and propose a method to ensure that information about the source of the attacks are properly transferred to the target host. Honeyd logs attempted and completed connections for all protocols, and additional information can be gathered from the emulated services. The obtained information is stored on the system using Syslog. Our implementation extends the basic logging capabilities by adding support to local and remote database logging and logging through HP feeds protocol, which is a lightweight publish-subscribe protocol for data exchange.

Nowadays HP feeds is used as one of the most common methods to gather logs from honeypots. In order to provide a solution to the problem of difficult and time-consuming deployment and management procedures for honeypots, our solution leverages the Modern Honey Network utility that allows automated methods of deployment, configuration, and management of honeypots. The Modern Honey Network also supports storage; HP feeds logging and real-time visualization of attack-related data.

Our honeypot also implements a web server that provides statistical information about the attacks on the network. The thesis aims to familiarize the reader with the basic theory of honeypots and document the development process of the solution. An additional aspect of this work is to discuss the expediency of the realized improvements with members of the National Cyber Security Centre (NCSC).

 

1.3.   AIMS AND OBJECTIVES

The aim of this thesis is to introduce the reader to the world of honey-pots, present an overview of the functionalities such systems provide and explain the concepts behind them. Furthermore, this paper will de-scribe the implementation process of a standalone honeypot software solution created in the scope of this work. The honeypot framework will supplement the current solutions and add new features to the existing Honeyd design. The improvements aim to modernize Honeyd’s model by providing new logging capabilities, easier deployment methods and enhancing its proxy functionality.

Two or more honeypots on a network form a honeynet. Typically, a honeynet is used for monitoring and/or more diverse network in which one honeypot may not be sufficient. Honeynets are usually implemented as parts of larger network intrusion-detection systems. Honeynet is a network of production systems. Honeynets represent the extreme of research honeypots. Their primary value lies in research, gaining information on threats that exists in the Internet community today.

The two main reasons why honeypots are deployed are:

1.     To learn how intruders probe and attempt to gain access to your systems and gain insight into attack methodologies to better protect real production systems.

 

2.     To gather forensic information required to aid in the apprehension or prosecution of intruders.

 

1.4.   STATEMENT OF THE PROBLEMS

Honeypots can be involved in different aspects of information security, such as detection, prevention, and information gathering. Essentially, a honeypot is a security resource, whose value lies in unauthorized or illicit use of that resource [19]. Honeypots have no production value, anything going to or from a honeypot is likely a probe, attack or com-promise, ensued from its concept: nobody should use a honeypot, therefore any transaction or interactions with a honeypot are unauthorized and possibly malicious. This approach excludes the possibility of false alerts whether positive or negative, granting advantage against other network monitoring techniques, like intrusion detection systems. Honeypots have tremendous potential for the security community, and these systems can accomplish goals few other technologies can. How-ever, like any other technology, they have some challenges to overcome. Deploying honeypots in a way that they cannot be identified by attackers is a difficult problem, as the effectiveness of these systems heavily depends on the assumptions that the attacker is not aware that he is interacting with a decoy and not a real production system. In an ideal situation, the differences between a honeypot and a real system should be negligible. Honeypots are either deployed as virtual machines or installed on a real system encapsulated by application virtualization or sandboxing. The issue with virtual honeypots is the virtualization software may leak information about the emulated hardware, which can lead to the detection of the honeypot. Honeypots deployed on real systems face different problems, the operating-system-level virtualization software is typically not designed for security use, therefore the identification and circumvention of these protective barriers is an issue that can lead to system compromise. Security events have to be exported from the honeypot and stored on a different host, due to the reason that logged data cannot be trusted in case of a system compromise. The significance of this thesis is to help address some of these issues in the research field of honeypot systems and contribute the created honeypot solution to the security community.

 

 

 

1.5.         SIGNIFICANCE OF THE STUDY

The significance of this work is to understand how honeypot-based security systems help to provide protection against different kinds of attacks and learn the terms, concepts, and architectures used in the realm of these systems. The main initiative behind this thesis is to design and implement a standalone honeypot solution that is practical to use in real-life scenarios and can serve as a base point for further development. Gathering more data about malicious attacks can contribute to the advancement of future protective measures and can improve sensitive information protection policies.

 

1.8.         LIMITATION

The project covers the implementation of a new honeypot design. More precisely this design is an actualization of an existing honeypot extended with new functionalities. The scope of the project was limited to defined areas of design in accordance with the assignment. Since the focus of the design is narrowed to the given task the created software has some limitations on other areas that can be further developed. The given time frame and the available equipment do not allow addressing the full potential of the implemented design.

 

1.9.         SCOPE OF THE STUDY

The main advantage of Honeypot is that it provides security to the actual server means if an attacker penetrates the weakness then only the decoy system(Honeypot) get affected, not your real server. Honeypot creates a log files and collect information from this file about the tools and software used by the attackers to harm your system. By this information system administrator provides an additional security to your system and be confident that no sensitive data is leaked to an attacker.

 

 

1.10.    PURPOSE OF THE STUDY

The purpose of our study is to develop efficient solutions to overcome current honeypot limitations. We addressed the issue of the size and the location of honeynets by correlating network flows with darknet data. We solved the problem of scalability of high interaction honeypot by implementing an advanced hybrid honeypot architecture called Honeybrid. We solved the problem of configuring honeynets in large organization network by using a server and scanner discovery program based on network flows.

 

1.11.    SIGNIFICANT OF THE STUDY

Its primary purpose is not to be an ambush for the black hat community to catch them in action and to press charges against them. The focus lies on a silent collection of as much information as possible about their attack patterns, used programs, and the black hat community itself. All this information is used to learn more about the black hat proceedings and motives, as well as their technical knowledge and abilities. This is just a primary purpose of a honeypot. There are a lot other possibilities for a honeypot- divert hackers from productive systems or seize a hacker while conducting an attack are just two possible examples.

1.12.    DEFINITION OF TERMS

Network sensor: is defined as an unused IP address instrumented to collect information about suspicious traffic. We separate sensors into two categories: passive sensors, which simply collect data without any interaction with the source of traffic; and active sensors, which can interact with the source of traffic to collect additional information.

Honeypot: is defined as a network device that provides a mechanism for completing network connections not normally provided on a system and logging those connection attempts. We note that honeypot and active network sensor are synonyms.

Darknet: is defined as a network of passive sensors.

Honeynet: is defined as a network of honeypots.

Honeypot architecture: we mean a specific combination of software solutions to administrate a honeynet.

Honeypot framework: we mean the combination of honeypot architecture and a data processing solution to analyze malicious network activity.

 

ADVANCED HONEYPOT ARCHITECTURE FOR NETWORK THREATS QUANTIFICATION

Additional Information

  • The Project Material is available for download.
  • The Research material is delivered within 15-30 Minutes.
  • The Material is complete from Preliminary Pages to References.
  • Well Researched and Approved for supervision.
  • Click the download button below to get the complete project material.

Frequently Asked Questions

In-order to give you the best service available online, we have compiled frequently asked questions (FAQ) from our clients so as to answer them and make your visit much more interesting.

We are proudly Nigerians, and we are well aware of fraudulent activities that has been ongoing in the internet. To make it well known to our customers, we are geniune and duely registered with the Corporate Affairs Commission of the republic of Nigeria. Remember, Fraudulent sites can NEVER post bank accounts or contact address which contains personal information. Free chapter One is always given on the site to prove to you that we have the material. If you are unable to view the free chapter 1 send an email to info@allprojectmaterials.com with the subject head "FREE CHAPTER 1' plus the topic. You will get a free chapter 1 within an hour. You can also check out what our happy clients have to say.


Students are always advised to use our materials as guide. However, if you have a different case study, you may need to consult one of our professional writers to help you with that. Depending on similarity of the organization/industry you may modify if you wish.


We have professional writers in various disciplines. If you have a fresh topic, just click Hire a Writer or click here to fill the form and one of our writers will contact you shortly.


Yes it is a complete research project. We ensure that our client receives complete project materials which includes chapters 1-5, full references, questionnaires/secondary data, etc.


Depending on how fast your request is acknowledged by us, you will get the complete project material withing 15-30 minutes. However, on a very good day you can still get it within 5 minutes!

What Clients Say

Our Researchers are happy, see what they are saying. Share your own experience with the world.
Be polite and honest, as we seek to expand our business and reach more people. Thank you.

A Research proposal for advanced honeypot architecture for network threats quantification:
Reviews: A Review on advanced honeypot architecture for network threats quantification, advanced, honeypot, architecture project topics, researchcub.info, project topic, list of project topics, research project topics, journals, books, Academic writer.
Through the widespread use of computer technology, a large number of devices have become interconnected with other systems. Day by day the threat landscape is evolving fast and with humanity’s increasing dependency on computerized equipment and networks, securing these systems became highly important. With the aim to learn more about attack patterns and behavior, decoy systems under the name of honeypots have been deployed. In terms of computer security, a honeypot is a mechanism set to detect, deflect, or counteract attempts that aim at the unauthorized use of production systems. Through the use of honeypots, valuable information can be learned about the attacker proceedings and motives as well as their technical knowledge and abilities. As computer networks are frequently targeted by various hostile activities independently of their scale, honeypots became subject to intensive research for quite some time. One of the widely used honeypot solutions was Honeyd. Honeyd is a framework that allows the creation of virtual network hosts, which can be configured to mimic the network stack of different operating systems (OS). The configured virtual systems can be arranged in complex network topologies, where Honeyd can simulate the routing of network traffic. Honeyd is capable of handling many network connections and it allows monitoring activity on a wide Internet Protocol (IP) address space instead of the usual single IP address for other honey-pots. As Honeyd’s development ha.. computer science education project topics

ADVANCED HONEYPOT ARCHITECTURE FOR NETWORK THREATS QUANTIFICATION

Project Information

  • CATEGORY : COMPUTER SCIENCE EDUCATION
  • TYPE : PROJECT MATERIAL
  • FORMAT : MICROSOFT WORD
  • ATTRIBUTE : Documentation Only
  • PAGES : 70 Pages
  • CHAPTERS : 1 - 5
  • PRICE : ₦ 3,000.00

Share Links

Download Post
Download Post

Search for Project Topics

Project topics in Departments

Do you need a writer for your academic work?