Design and Development of Virtual Honeypot Framework based on Linux

Abstract

A honeypot is a closely monitored network decoy serving several purposes: it can distract adversaries from more valuable machines on a network, provide early warning about new attack and exploitation trends, or allow in-depth examination of adversaries during and after exploitation of a honeypot. Honeypot is a system which is built and set up in order to be hacked. Except for this, honeypot is also a trap system for the attackers which is deployed to counteract the resources of the attacker and slow him down, thus he wastes his time on the honeypot instead of attacking the production systems. Honeypots are a relatively new technique for achieving network security. While other techniques for securing networks e.g. IDS, Firewall etc are made to keep the attackers out, for the first time in the history of network security there is a technique which intends to keep the attackers ‘in’ thus allowing the researchers to gain more insight into the workings of an attacker. This thesis describes the design and implementation of Honeyd, a framework for virtual honeypots that simulates computer systems at the network level. Here we have tried to integrate the latest snort with the implemented solution to get the alerts of known attacks. Also an effort has been made to generate the automatic reports to get better view of the attacks occurring in the network.