HONEYPOT IMPLEMENTATION USING
INTRUSION DETECTION SYSTEM
Every organization that is connected to the internet in some way faces
threats to its overall security. There are tools that help these
organizations counter these problems, such as anti-virus software, firewalls, etc.
But they can only avert the attack; they cannot tell who attacked the
network or how.
Hence the honeypot is a well-known technique in this domain for answering such
questions. A honeypot is used in a computer network to safeguard it from
attackers who want either to compromise the network or to install some malicious
toolkit in the network to get backdoor access. A honeypot is a system which is
intended to be attacked so as to gain precious information about the attacker.
Being an intrusion detection system, a honeypot creates a system log of all
input and output data and compares this log with the attacking bytes of
data to identify the attack and, in turn, the attacker.
This paper first gives an introduction to intrusion detection systems and to
honeypots, their types and uses, and then to their implementation using a
Raspberry Pi as a potential cost-effective honeypot that incorporates all
the basic features of the freely available Linux-based honeypot modules for
the Raspberry Pi, i.e. it will record all of the attacker's activity and, after
deep analysis, not only display the type of attack but also display the Achilles
heel (vulnerability) of the network and log the incoming malicious packets with
their potential source.
Keywords: Security, Statistics, Raspberry Pi, Network.
Information is a vital aspect of an organization, and administrations devote a
considerable amount of their organizational budget to dealing with the security
of information. Information security has objectives, and among them the three
fundamental objectives are:
- to safeguard the information
- to protect information accuracy
- to grant specific rights to specific personnel to manipulate or read information
Security methods nowadays place more emphasis on defence than on tracking and
attack. One hostile form of defence mechanism that has emerged is the HONEYPOT.
It is a trapping resource which is configured as a potential system
vulnerability.
The projected architecture is based on the IMPLEMENTATION OF RASPBERRY PI AS AN
INTRUSION DETECTION SYSTEM, using existing tools and methods like Snort, Kippo,
Dionaea and Glastopf and amalgamating their key features into a totally new,
cost-effective INTRUSION DETECTION SYSTEM based entirely on RASPBERRY PI.
Figure 1: IDS deployment
An intrusion detection system (IDS) is a device, or sometimes a software
application, that observes an organization's network for malevolent events.
TYPES OF IDS
The host-based IDS (HIDS) is a type of intrusion detection system which runs on
the host machine and scans the host machine for events. These HIDS are usually
deployed on a single machine.
The network-based IDS (NIDS) tests all the packets in the network and detects
invaders in the network.
The hybrid IDS is a combination of both host-based and network-based IDS.
Approaches to intrusion detection are:
- Irregularity-based intrusion detection techniques:
These IDS track activity based on some specific behaviour of the invader.
They search for events of specific behaviour.
- Knowledge-based intrusion detection techniques:
This approach involves looking for specific events. It is much more reliable
than the irregularity-based approach, as it generates fewer false alarms because
the search criteria are specific, but the downside of this approach is that it
only covers events which are predefined in its database.
A honeypot is part of an intrusion detection technique used to detect malevolent
movement, and in turn it helps to build better network defences against attacks.
A honeypot is a machine intentionally deployed on a network to seduce the
attacker to attack it.
A honeypot is a security mechanism whose purpose on the network is to get
attacked or get compromised.
Honeypots are installed on an IP address which is not used by the organization
and is observed by the administrator. If any data packet or sender interacts
with the honeypot, then it is considered suspicious.
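A minimal decoy listener illustrating the rule above, that any contact with the honeypot address is logged as suspicious. This is an added example, not code from the paper; the loopback address, the event field names and the client banner are constructed for the demonstration.

```python
import json
import socket
import threading
from datetime import datetime, timezone


def serve_once(listener, events):
    """Accept one connection on the decoy port and log it as suspicious."""
    conn, (src_ip, src_port) = listener.accept()
    with conn:
        conn.settimeout(2.0)
        try:
            data = conn.recv(1024)  # first bytes the peer sends
        except socket.timeout:
            data = b""
        events.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "src_ip": src_ip,
            "src_port": src_port,
            "dst_port": listener.getsockname()[1],
            "payload_hex": data.hex(),
            # No legitimate host has a reason to talk to an unused address.
            "suspicious": True,
        })


def demo():
    """Run the decoy on loopback and touch it once with constructed traffic."""
    events = []
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # port 0: the OS picks a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    worker = threading.Thread(target=serve_once, args=(listener, events))
    worker.start()
    with socket.create_connection(("127.0.0.1", port), timeout=2.0) as client:
        client.sendall(b"SSH-2.0-constructed-client\r\n")
    worker.join(timeout=5.0)
    listener.close()
    return events


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```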
The goals of a honeypot system are to look like a regular node on a network
that behaves as a potential vulnerability in the eyes of the hacker, and to
divert the attention of the attacker from the real network.
HONEYPOTS BASED ON LEVEL OF INTERACTION
Honeypots are categorized into 3 types. These are:
- They are used simply for collecting the information of the attack.
- They give an impression of a real computer system and prompt the attacker to
interact with them.
- They are the advanced version of honeypots and have a complex setup process.
They have their own operating system.
The Raspberry Pi is a small single-board computer with an ARM chipset which is
low cost and the size of a business card, and which can be connected to a
monitor and used with a keyboard and mouse.
Figure 2: Raspberry Pi
RASPBERRY PI HONEYPOT
The projected system is developed as an individual device (Raspberry Pi) outside
of the network and will later be physically attached to the network.
Raspberry Pi based honeypots can be integrated into any environment, which makes
them challenging to track.
Because they are affordable, the deployment of multiple Raspberry Pi based
honeypots is possible.
Figure 3: Honeypot Deployment Diagram
USAGE OF RASPBERRY PI AS A HONEYPOT
The proposed system is theoretically based on implementing a Raspberry Pi as a
HONEYPOT using the key features of the different honeypot firmware available for
the Raspberry Pi. This HONEYPOT IDS can be applied as a client and a server.
The client workstation serves to find the vulnerability targeted by the
attacker's method, to record and track the malicious packets in the network and
to send them to the server. The server analyses the received data and decides
whether to issue a security warning or not.
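A sketch of the server-side decision described above, using the knowledge-based approach from earlier in the paper: logged payloads are compared against a predefined signature database, and anything outside it stays unclassified. This is an added example, not the paper's implementation; the signature names, the warning threshold, the event format and the sample events are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Hypothetical signature database: name -> pattern over the logged payload.
SIGNATURES = {
    "ssh-client-banner": re.compile(rb"^SSH-\d\.\d+-"),
    "http-path-traversal": re.compile(rb"\.\./"),
    "telnet-negotiation": re.compile(rb"^\xff[\xfb-\xfe]"),
}
WARN_AFTER = 3  # assumed policy: unmatched contacts from one source before warning


def classify(payload):
    """Return the names of every signature the payload matches."""
    return sorted(n for n, rx in SIGNATURES.items() if rx.search(payload))


def analyse(events):
    """Server side: decide per source whether to issue a security warning."""
    per_source = defaultdict(lambda: {"contacts": 0, "matches": set()})
    for ev in events:
        entry = per_source[ev["src_ip"]]
        entry["contacts"] += 1
        entry["matches"].update(classify(bytes.fromhex(ev["payload_hex"])))
    report = {}
    for src, entry in per_source.items():
        known = bool(entry["matches"])
        report[src] = {
            # Knowledge-based limit: events outside the database get no label.
            "attack_types": sorted(entry["matches"]) or ["unclassified"],
            "warn": known or entry["contacts"] >= WARN_AFTER,
        }
    return report


# Constructed events in the shape a client sensor might send (documentation IPs).
SAMPLE_EVENTS = [
    {"src_ip": "203.0.113.7", "payload_hex": b"SSH-2.0-libssh\r\n".hex()},
    {"src_ip": "198.51.100.9",
     "payload_hex": b"GET /static/../../app.conf HTTP/1.0\r\n".hex()},
    {"src_ip": "192.0.2.44", "payload_hex": b"\x00\x01novel-probe".hex()},
]

if __name__ == "__main__":
    for src, verdict in analyse(SAMPLE_EVENTS).items():
        print(src, verdict)
```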
Advantages of the Raspberry Pi as a honeypot are:
- Simple: A Raspberry Pi based honeypot is simple to deploy and does
not require any complex algorithm.
- Cost effective: As the Raspberry Pi is easily available and very
cheap, deploying a Raspberry Pi as a honeypot is very easy.
- Records new tactics: The proposed device will capture all interaction
with the intruder.
Honeypots are valuable and powerful instruments
for detecting compromised hosts and learning how to repair them, and they can
be used along with more traditional network defences such as firewalls and IDS.
As such, honeypots can be used to tangibly improve the security of large