Design and Implementation of a Low-Cost Low Interaction IDS/IPS System Using Virtual Honeypot Approach

Marcos Rodrigues, Olamilekan Shobayo

Abstract


Network attacks have become prominent in the modern-day web activities and the black hat community have also gain more sophistication with the tools used to penetrate poorly guarded or unguarded networks. Network security administrators have also moved swiftly to counter the threats posed by the attacker with different network intrusion detection and monitoring tools. Low interaction honeypots were developed to entice hackers without causing any serious downtime to the production network, so that their activities and the way they access the network can be studied with a minimal setup cost. In this work, a low interaction virtual honeypot using the Honeyd daemon to lure attackers to the network and alert the attacker's activities in the network using the Snort IDS. The data captured is analysed based on the protocol and port used. It is then validated by analysing the attacker's activities once it is logged and accessed through Wireshark protocol analyser.


Full Text:

PDF

Refbacks

  • There are currently no refbacks.