
HONEYPOT IMPLEMENTATION USING RASPBERRY PI AS INTRUSION DETECTION SYSTEM

 

Shrikant Patel*

Pankaj Lathar**

Prabhdeep ***

 

ABSTRACT

Every organization that is in some way connected to the internet faces
threats to its overall security. There are tools that help these
organizations counter these problems, such as anti-virus software and firewalls.
But they can only avert the attack and cannot tell who attacked the
network and how.

Hence the honeypot is a well-known technique in this domain for answering such
questions. A honeypot is used in a computer network to safeguard it from
attackers who want to either compromise the network or install some malicious
toolkit into the network to get backdoor access. A honeypot is a system which is
intended to be attacked so as to gain precious information about the attacker.

Being an intrusion detection system, a honeypot creates a system log of all
input and output data and compares this system log with the attacking bytes of
data to identify the attack and in turn the attacker.

This paper will first give an introduction to intrusion detection
systems and honeypots, their types and uses, and then their implementation using
a Raspberry Pi as a potential cost-effective honeypot that incorporates all
the basic features of the freely available Linux-based honeypot modules for
the Raspberry Pi, i.e. it will record all the attacker's activity and, after deep
analysis, not only display the type of attack but also display the Achilles
heel (vulnerability) of the network, and log the incoming malicious packets with
their potential source info.

Keywords: Security, Statistics, Raspberry Pi, Network.

 

 

 

 

1. INTRODUCTION

Information is a vital aspect of an
organization, and administrations devote a considerable amount of their organizational
budget to dealing with the security of information. Information security has
several objectives; among them, the three fundamental objectives are:

· Privacy, i.e. to safeguard the information.

· Accuracy, to protect information accuracy.

· Access, i.e. to grant specific rights to specific personnel to manipulate or read information.

Security methods nowadays place more emphasis on
defence than on tracking and attacking. One of the hostile forms of defence
mechanism that has emerged is the HONEYPOT. It is a trapping resource which is
configured as a potential system vulnerability.

The projected architecture is based on the
IMPLEMENTATION OF RASPBERRY PI AS AN INTRUSION DETECTION SYSTEM using
existing tools and methods like Snort,
Kippo, Dionaea and Glastopf, and
amalgamating their key features into a totally new, cost-effective INTRUSION
DETECTION SYSTEM based entirely on the RASPBERRY PI.

 

2. INTRUSION DETECTION SYSTEM

Figure 1: IDS deployment

An intrusion detection system (IDS)
is a device, or sometimes a software
application, that observes an
organization's network for malevolent events.

2.1 TYPES OF IDS

· Host-based IDS (HIDS):

The HIDS is a type of intrusion detection system which resides on the host machine and scans the
host machine for events. A HIDS is usually deployed on a single machine.

· Network-based IDS (NIDS):

It tests all the packets in the network and
detects invaders in the network.

· Hybrid IDS:

The hybrid IDS is a combination of both host-based
and network-based IDS.

 

Approaches to intrusion detection are:

Ø  Irregularity-based intrusion detection techniques:

These IDS track activity based on some specific
behaviour of the invader.
They search for events of specific behaviour.

Ø  Knowledge-based intrusion detection techniques:

This approach involves looking for specific events.
This approach is much more reliable than the irregularity-based one, as it generates fewer
false alarms because the search criteria are specific, but the downside of this
approach is that it only covers events which are predefined in its database.

 

3. HONEYPOT

A honeypot is part of an
intrusion detection technique used to detect malevolent activity and in turn helps to build better network defences against attacks.

A honeypot is a machine intentionally
deployed on a network to seduce the attacker to attack it.

A honeypot is a
security mechanism whose purpose on the
network is to get attacked or get compromised.

Honeypots are installed
on an IP address which is not used by the organization and is observed by the
administrator. If any data packet or sender interacts with the honeypot then it
is considered suspicious.

The goal of a honeypot
system is to look like a regular node on the
network that appears as a potential vulnerability in the eyes of the hacker, to divert the attention
of the attacker from the real network.

 

3.1 TYPES OF HONEYPOTS BASED ON LEVEL OF INTERACTION

Honeypots are categorized into 3
types. These are:

· Low interaction:

They are used simply for collecting
information about the attack.

· Medium interaction:

They give the impression of a real computer
system and prompt the attacker to interact with it.

· High-level interaction:

They are the advanced version of honeypots and have a complex setup process. They
have their own operating system.

 

4. RASPBERRY PI

The Raspberry Pi is a small, low-cost single-board computer with an ARM chipset. It is
the size of a business card, can be connected to a monitor,
and can use a keyboard and mouse.

Figure 2: Raspberry Pi

 

 

5. RASPBERRY PI HONEYPOT

The projected system is developed as an individual device (Raspberry Pi) outside
of the network and will later be physically
attached to the network.

Raspberry Pi based honeypots can be integrated into any environment,
which makes them challenging to track.

As they are affordable, the deployment of multiple Raspberry Pi based
honeypots is possible.

 

 

 

 

Figure 3: Honeypot Deployment Diagram

 

 

6. USAGE OF RASPBERRY PI AS A HONEYPOT

The proposed system is theoretically based on
implementing the Raspberry Pi as a HONEYPOT using the key features of the different
honeypot firmware available for the Raspberry Pi. This HONEYPOT
IDS can be applied as a client and server.

The client workstation serves to find the vulnerability of the
attacker's method, record and track the malicious packets in the network and
send them to the server. The server analyses the received data and decides whether to issue
a security warning or not.
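The client/server split described above, together with the earlier point that any contact with a honeypot on an unused address is suspicious, is illustrated below as an added example that is not code from the paper. The function names, the JSON event format and the "three contacts from one source" warning rule are assumptions made for illustration; the sample inputs are constructed and the sensor listens only on loopback.

```python
import json, socket, threading, time
from collections import Counter

def run_sensor(decoy, events, max_conns):
    """Client (sensor) side: log every contact with the decoy socket."""
    for _ in range(max_conns):
        conn, (ip, port) = decoy.accept()
        with conn:
            conn.settimeout(1.0)
            try:
                data = conn.recv(256)          # first bytes the peer sends
            except OSError:                    # silent scan, timeout or reset
                data = b""
        # One JSON line per contact: what the sensor would ship to the server.
        events.append(json.dumps({
            "ts": time.time(), "src_ip": ip, "src_port": port,
            "dst_port": decoy.getsockname()[1], "payload_hex": data.hex()}))

def analyse(event_lines, threshold=3):
    """Server side: source IPs that warrant a warning.
    Assumed rule (not from the paper): >= threshold contacts from one source."""
    hits = Counter(json.loads(line)["src_ip"] for line in event_lines)
    return sorted(ip for ip, n in hits.items() if n >= threshold)

def demo():
    """Run the sensor on loopback and feed it three constructed contacts."""
    decoy = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    decoy.bind(("127.0.0.1", 0))               # demo only: loopback, free port
    decoy.listen()
    events = []
    sensor = threading.Thread(target=run_sensor, args=(decoy, events, 3),
                              daemon=True)
    sensor.start()
    for sample in (b"root\n", b"admin\n", b"GET / HTTP/1.0\r\n\r\n"):
        with socket.create_connection(decoy.getsockname()) as c:
            c.sendall(sample)                  # constructed sample input
    sensor.join()
    decoy.close()
    return events, analyse(events)

if __name__ == "__main__":
    logged, warnings = demo()
    for line in logged:
        print(line)
    print("warn on:", warnings)
```

On a deployed sensor the decoy socket would be bound to the unused address assigned to the honeypot, and the event lines would be sent over the network to the analysis server instead of being kept in a list.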

 

 

 

7. ADVANTAGES

Advantages of the Raspberry Pi as a honeypot are:

Ø  Simple: A Raspberry Pi based honeypot is simple to deploy and does
not require any complex algorithm.

Ø  Cost Effective: As the Raspberry Pi is easily available and very
cheap, deploying a Raspberry Pi as a honeypot is very easy.

Ø  Record new tactics: The proposed device will capture all interaction
with the intruder.

 

 

8. CONCLUSION

Honeypots are valuable and powerful instruments
for detecting compromised hosts and learning how to repair them, and they can
be used along with more traditional network defences such as firewalls and IDS.
As such, honeypots can be used to tangibly improve the security of large
enterprise networks.

 

 
