Site Loader

Abstract- In couple of decade’s number of attacks on IT organization has increased. Among them small and medium sized organization’s risk is higher because of lower security architecture in their system. Attackers use SQL injection and XSS type of attacks to misuse the vulnerability of the system or the organization. A mechanism which is created to learn about the attackers’ method of attack and pattern and also used to get useful information about the interfering activity is Honeypot. Honeypots can be classified according to the level of interaction as low-interaction, medium interaction, high-interaction and the purposed for which it is used as research honeypot and production honeypot. Detailed study about the types of honeypot is included in this paper. Various honeypot results are enlisted in this paper to show that how honeypot works in real-time environment and how it responds when any unwanted activity occurs in the network. Key words – Network security, Honeypot, Intrusion-detection, Types of Honeypot, Honeynet.  I. INTRODUCTION Attacks on websites and databases are increasing day by day rapidly. Among all of them artificial attacks are being increased hugely, which affects small and medium sized companies also. There are few features of these artificial attacks which involve high skilled attackers, also knowledge about the targets etc. So there must be some system to detect those attacks on the databases. To use honeypot for these systems special care should be given like after applying honeypot the system must look real and is capable for create logs for all doubtful entries. From the basis on this idea we have formed this architecture which is useful to detect attacks and also create logs for all entries in the database, from which we can find if there is any doubtful entry is occurred with wrong purpose. Though hardware based honeypots are very valuable and complicated to install for medium and small sized companies, software based low-interaction honeypot are more suitable for that. According to the Lance Spitzner, Founder of Honeypot Technology, “A honeypot is an information system resources whose value lies in unauthorized of illegal use of that resources”. A honeypot can identify the performance of the attacker or the intrusion information to observe and record the details of the attacker and create a log of malicious entries and analyzes the level, purpose, tools and methods used by the attacker so that evidence can be obtained and further actions can be taken. Honeypot technology and traditional security system combined can build an active network security protection system.II. HONEYPOT CLASSIFICATION A. Based on level of interaction Honeypots can be classified based on the level of interaction between interrupter and system. These are Low-interaction, high-interaction and medium-interaction honeypot. ? Low-interaction honeypot: These types of honeypots have the limited extend of interaction with external system. FTP is the example of this type of honeypot. There is no operation system for attackers to interact with, but they implement targets to attract or identify attackers by using software to follow the features of a particular operating system and network services on a host operation system. Main advantage of this type of honeypot is that, it is very easy to display and maintain and it does not involve any complex architecture. With this advantage there is also some drawback of this system. That is, it will not respond accurately to exploits. This creates the limitation in ability to support in discovering new vulnerabilities or new attack patterns. Low-interactive honeypots are a safer and easy way to gather info about the frequently occurred attacks and their sources. ? High-interaction honeypot: This is the most advanced honeypot. This type of honeypot have very higher level of interaction with the intrusive system. It gives more realistic expeHoneypot: Concepts, Types and Working2 Abstract- In couple of decade’s number of attacks on IT organization has increased. Among them small and medium sized organization’s risk is higher because of lower security architecture in their system. Attackers use SQL injection and XSS type of attacks to misuse the vulnerability of the system or the organization. A mechanism which is created to learn about the attackers’ method of attack and pattern and also used to get useful information about the interfering activity is Honeypot. Honeypots can be classified according to the level of interaction as low-interaction, medium interaction, high-interaction and the purposed for which it is used as research honeypot and production honeypot. Detailed study about the types of honeypot is included in this paper. Various honeypot results are enlisted in this paper to show that how honeypot works in real-time environment and how it responds when any unwanted activity occurs in the network. Key words – Network security, Honeypot, Intrusion-detection, Types of Honeypot, Honeynet.  I. INTRODUCTION Attacks on websites and databases are increasing day by day rapidly. Among all of them artificial attacks are being increased hugely, which affects small and medium sized companies also. There are few features of these artificial attacks which involve high skilled attackers, also knowledge about the targets etc. So there must be some system to detect those attacks on the databases. To use honeypot for these systems special care should be given like after applying honeypot the system must look real and is capable for create logs for all doubtful entries. From the basis on this idea we have formed this architecture which is useful to detect attacks and also create logs for all entries in the database, from which we can find if there is any doubtful entry is occurred with wrong purpose. Though hardware based honeypots are very valuable and complicated to install for medium and small sized companies, software based low-interaction honeypot are more suitable for that. According to the Lance Spitzner, Founder of Honeypot Technology, “A honeypot is an information system resources whose value lies in unauthorized of illegal use of that resources”. A honeypot can identify the performance of the attacker or the intrusion information to observe and record the details of the attacker and create a log of malicious entries and analyzes the level, purpose, tools and methods used by the attacker so that evidence can be obtained and further actions can be taken. Honeypot technology and traditional security system combined can build an active network security protection system.II. HONEYPOT CLASSIFICATION A. Based on level of interaction Honeypots can be classified based on the level of interaction between interrupter and system. These are Low-interaction, high-interaction and medium-interaction honeypot. ? Low-interaction honeypot: These types of honeypots have the limited extend of interaction with external system. FTP is the example of this type of honeypot. There is no operation system for attackers to interact with, but they implement targets to attract or identify attackers by using software to follow the features of a particular operating system and network services on a host operation system. Main advantage of this type of honeypot is that, it is very easy to display and maintain and it does not involve any complex architecture. With this advantage there is also some drawback of this system. That is, it will not respond accurately to exploits. This creates the limitation in ability to support in discovering new vulnerabilities or new attack patterns. Low-interactive honeypots are a safer and easy way to gather info about the frequently occurred attacks and their sources. ? High-interaction honeypot: This is the most advanced honeypot. This type of honeypot have very higher level of interaction with the intrusive system. It gives more realistic expe

Post Author: admin

x

Hi!
I'm Erica!

Would you like to get a custom essay? How about receiving a customized one?

Check it out