HONEYPOT IMPLEMENTATION USING RASPBERRY PI AS INTRUSION DETECTION SYSTEM

Shrikant Patel* Pankaj Lathar** Prabhdeep***

ABSTRACT - Every organization that is in some way connected to the internet faces some threats to its overall security. There are tools that help these organizations to counter these problems, like anti-viruses, firewalls etc. But they can only avert the attack and cannot tell who attacked the network and how. Hence the honeypot is a good technique in this domain to answer such questions. A honeypot is used in a computer network to safeguard it from attackers who want either to compromise the network or to install some malicious toolkit into the network to get backdoor access. A honeypot is a system which is intended to be attacked so as to gain precious information about the attacker. Being an intrusion detection system, a honeypot creates a system log of each input and output data and compares this system log with the attacking bytes of data to identify the attack and in turn the attacker itself. This paper will first give an introduction to Intrusion Detection Systems and honeypots, their types and uses, and then their implementation using Raspberry Pi as a potential cost-effective honeypot that will incorporate all the basic features of all the freely available Linux-based honeypot modules for Raspberry Pi, i.e. it will record all the attacker's activity and after deep analysis not only display the type of attack but also display the Achilles heel (vulnerability) of the network, and log the incoming malicious packets with their potential source info.

Keywords: Security, Statistics, Raspberry Pi, Security, Network.

1. INTRODUCTION

Information is a vital aspect of an organization, and administrations devote a considerable amount of their organizational budget to dealing with the security of information. Information security has several objectives; among them the three fundamental objectives are:

· Privacy, i.e. to safeguard the information.
· Accuracy, to protect information accuracy.
· Access, i.e. to grant specific rights to specific personnel to manipulate or read information.

Security methods nowadays put more emphasis on defence rather than on track and attack.
One of the hostile forms of defence mechanism that has emerged is the HONEYPOT. It is a trapping resource which is configured as a potential system vulnerability.

The projected architecture is based on IMPLEMENTATION OF RASPBERRY-PI AS AN INTRUSION DETECTION SYSTEM using existing tools and methods like Snort, Kippo, Dionaea and Glastopf, and amalgamating their key features into a totally new, cost-effective INTRUSION DETECTION SYSTEM based entirely on RASPBERRY PI.

2. INTRUSION DETECTION SYSTEM

Figure 1: IDS deployment

An intrusion detection system (IDS) is a device or sometimes a software application that observes an organization's network for malevolent events.

2.1 TYPES OF IDS

· Host-based IDS (HIDS): The HIDS is a type of intrusion detection system which is on the host machine and scans the host machine for events. These HIDS are usually deployed on a single machine.
· Network-based IDS (NIDS): It tests all the packets in the network and detects invaders in the network.
· Hybrid IDS: The hybrid IDS is a combination of both host-based and network-based IDS.

Approaches of intrusion detection are:

Ø Irregularity-based intrusion detection techniques: These IDS track activity based on some specific behaviour of the invader. They search for events of specific behaviour.
Ø Knowledge-based intrusion detection techniques: This approach involves looking for specific events. This approach is much more reliable than the irregularity-based one, as it generates fewer false alarms because the search criteria are specific, but the downside of this approach is that it only covers events which are predefined in its database.

3. HONEYPOT

A honeypot is part of an intrusion detection technique used to detect malevolent movement, and in turn it helps to build better network defences against attacks. A honeypot is a machine intentionally deployed on a network to seduce the attacker to attack it. A honeypot is a security mechanism whose purpose on the network is to get attacked or get compromised.

Honeypots are installed on an IP address which is not used by the organization and is observed by the administrator. If any data packet or sender interacts with the honeypot then it is considered suspicious.
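
The unused-address rule described above can be turned into a simple log check. The following is an added example, not code from the paper; the honeypot address, the flow record format and the sample records are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumption: the honeypot sits on an address no production service uses.
HONEYPOT_IPS = {ipaddress.ip_address("10.0.5.250")}

# Constructed sample flow records: "timestamp src_ip dst_ip dst_port"
SAMPLE_FLOWS = """\
2024-01-10T09:00:01 10.0.5.17 10.0.5.20 443
2024-01-10T09:00:05 10.0.5.44 10.0.5.250 22
2024-01-10T09:00:06 10.0.5.44 10.0.5.250 445
2024-01-10T09:00:09 10.0.5.44 10.0.5.20 445
2024-01-10T09:01:30 10.0.5.17 10.0.5.21 80
2024-01-10T09:02:11 10.0.5.90 10.0.5.250 80
"""

def parse_flows(text):
    """Yield (timestamp, src, dst, port) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            src, dst = ipaddress.ip_address(parts[1]), ipaddress.ip_address(parts[2])
            yield parts[0], src, dst, int(parts[3])
        except ValueError:
            continue

def suspicious_sources(text, honeypots=HONEYPOT_IPS):
    """Map each source that touched a honeypot to the ports it probed there
    and the production hosts it also contacted (the hosts to review next)."""
    flows = list(parse_flows(text))
    report = defaultdict(lambda: {"honeypot_ports": set(), "other_hosts": set()})
    # Pass 1: any contact with the honeypot address marks the source.
    for _, src, dst, port in flows:
        if dst in honeypots:
            report[str(src)]["honeypot_ports"].add(port)
    # Pass 2: collect what else the marked sources talked to.
    for _, src, dst, _ in flows:
        if str(src) in report and dst not in honeypots:
            report[str(src)]["other_hosts"].add(str(dst))
    return dict(report)

if __name__ == "__main__":
    for src, info in sorted(suspicious_sources(SAMPLE_FLOWS).items()):
        print(src, sorted(info["honeypot_ports"]), sorted(info["other_hosts"]))
```
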

The goal of a honeypot system is to look like a regular node on a network that behaves as a potential vulnerability in the eyes of the hacker, to divert the attention of the attacker from the real network.

3.1 TYPES OF HONEYPOTS BASED ON LEVEL OF INTERACTION

Honeypots are categorized into 3 types, these are:

· Low interaction: They are used for simply collecting the information of the attack.
· Medium interaction: They give an impression of a real computer system and provoke the attacker to interact with it.
· High-level interaction: They are the advanced version of honeypots and have a complex setup process. They have their own operating system.

4. RASPBERRY PI

The Raspberry Pi is a small single-board computer with an ARM chipset which is of low cost and is the size of a business card, and which can be connected to a monitor and can use a keyboard and mouse.

Figure 2: Raspberry PI

5. RASPBERRY PI HONEYPOT

The projected system is developed as an individual device (Raspberry Pi) outside of the network and will later be physically attached to the network. Raspberry Pi based honeypots can be integrated into any environment, which makes them challenging to track.
Being affordable, the deployment of multiple Raspberry Pi based honeypots is possible.

Figure 3: Honeypot Deployment Diagram

6. USAGE OF RASPBERRY PI AS A HONEYPOT

The proposed system is theoretically based on implementing Raspberry Pi as a HONEYPOT using the key features of different honeypot firmware available for Raspberry Pi. This HONEYPOT IDS can be applied as a client and server. The client workstation serves to find the vulnerability of the attacker's method, record and track the malicious packets in the network, and send them to the server. The server analyses the received data and decides whether to issue a security warning or not.

7. ADVANTAGES

Advantages of Raspberry Pi as a honeypot are:

Ø Simple: A Raspberry Pi based honeypot is simple to deploy and does not require any complex algorithm.
Ø Cost effective: As Raspberry Pi is easily available and is very cheap, deploying Raspberry Pi as a honeypot is very easy.
Ø Record new tactics: The proposed device will capture all interaction with the intruder.
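
The client and server roles from section 6, combined with the knowledge-based approach from section 2.1, can be sketched as follows. This is an added example, not the authors' implementation; the report format, the signature set, the warning rule and the sample reports are constructed assumptions.

```python
import json
import re

# Hypothetical knowledge-based signatures: label -> pattern on the captured payload.
SIGNATURES = {
    "ssh-client-banner": re.compile(r"^SSH-\d\.\d-"),
    "path-traversal": re.compile(r"\.\./"),
    "sql-injection-probe": re.compile(r"(?i)union\s+select"),
}

def client_report(sensor, src, port, payload):
    """Client (Pi) side: serialise one captured interaction for the server."""
    return json.dumps({"sensor": sensor, "src": src, "port": port, "payload": payload})

def server_analyse(reports, warn_after=2):
    """Server side: label each report, then decide per source whether to warn.
    Assumed rule: warn on any signature match, or on repeated unclassified
    contacts, since any honeypot interaction is already suspicious."""
    per_source = {}
    for raw in reports:
        try:
            event = json.loads(raw)
            src, payload = str(event["src"]), str(event["payload"])
        except (ValueError, KeyError, TypeError):
            continue  # skip malformed reports instead of crashing the server
        labels = [name for name, rx in SIGNATURES.items() if rx.search(payload)]
        entry = per_source.setdefault(src, {"events": 0, "labels": set()})
        entry["events"] += 1
        entry["labels"].update(labels or ["unclassified"])
    warnings = {}
    for src, entry in per_source.items():
        if entry["labels"] - {"unclassified"} or entry["events"] >= warn_after:
            warnings[src] = sorted(entry["labels"])
    return warnings

def sample_reports():
    """Constructed reports from two hypothetical sensors, plus one bad record."""
    return [
        client_report("pi-01", "203.0.113.7", 22, "SSH-2.0-exampleclient"),
        client_report("pi-02", "203.0.113.7", 80, "GET /../../etc/passwd HTTP/1.1"),
        client_report("pi-01", "198.51.100.23", 80, "GET / HTTP/1.1"),
        client_report("pi-02", "192.0.2.55", 8080, "HELO probe"),
        client_report("pi-02", "192.0.2.55", 8080, "HELO probe"),
        "not-json",
    ]

if __name__ == "__main__":
    for src, labels in server_analyse(sample_reports()).items():
        print("WARNING", src, labels)
```

The source at 192.0.2.55 matches no signature and is warned on only because it came back, which is the knowledge-based limitation from section 2.1: events outside the predefined set are seen but not named.
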

8. CONCLUSION

Honeypots are valuable and powerful instruments for detecting compromised hosts and learning how to repair them, and they can be used along with more traditional network defences such as firewalls and IDS. As such, honeypots can be used to tangibly improve the security of large enterprise networks.