Ashani1, Deesha Nirmal 2, Viral Doshi3, Nikita
1Student, Department of Computer Engineering, Atharva College
of Engineering, Mumbai, India
2Student, Department of Computer Engineering, Atharva College
of Engineering, Mumbai, India
3Student, Department of Computer Engineering, Atharva College
of Engineering, Mumbai, India
4Assistant Professor, Department of Computer Engineering,
Atharva College of Engineering, Mumbai, India
Abstract : With the
recent advancements in cyber attack and ready available internet connection
security has become more and more of an issue. Here, honeypots can be used to
ensure security. Honeypot uses deception to trap the attacker and also logs
details about the attacker. The purpose of the paper is to give an in depth
idea about what honeypot is and how it can be deployed on a network for
protecting from malicious usage of any sensitive data. It also focuses on the various
attacks that can occur on the system.
– Honeypot, Honeynet, Intrusion
Advances in Technology and human dependency on them are
rapidly increasing gradually. Apart from this, the number of devices connected
to a Network is also on its peak. With these ever changing technologies,
threats are also increasing day by day. Therefore for any network administrator
it becomes at most necessary to protect the systems and system data on a
network from any attackers.
There are possibilities of many loopholes in a network. A
hacker tries to detect these vulnerabilities in the network and then attack it
in order to get the access of important and confidential information stored on
the network. The hacker can also manipulate the sensitive information or can
delete the important records. Hackers can attack using various types of attacks
such as denial of service attack, brute force attack, phishing attack, IP
Spoofing and many more. These potential attacks can manipulate the system data
or use it for malicious activities.
There are various
technologies developed for preventing the systems from these attacks. One of
such technology is the Intrusion Detection System. The Intrusion Detection
System runs in the background and monitors the system and detects any malicious
activities on it. Intrusion detection system can be classified into two
types one which just notifies or alerts the network administrator about any
intrusion detected and the other type lets the network administrator to take
action against the intruder. 1However it does not obtain information
about the attackers. Another drawback of the Intrusion Detection System is that
in case of heavy traffic on the network, it is difficult to determine which
packets are deviated. Intrusion detection system is mainly suitable for small
scale network where preventing data breach is secondary purpose.
Honeypot is a system which is deployed on a network in order
to detect malicious activities and protect the system from various attacks.
Honeypot detects malicious activities and tries to deceive the attacker. The
attacker thinks that the system which is being attacked is a real system
whereas it is a trap created by the Honeypot. 2In this process the
Honeypot tries to obtain the information about the attacker and also prevent
the network from the attacks. In other terms, Honeypot is basically a decoy or
This paper gives an overview of Honeypot and its application
in real time systems. The objective of this paper is to represent the various
trends and opportunities for Honeypot researchers.
honeypot is a machine or a system that is usually designed with the aim of
detecting and trapping any attempt to penetrate into an experimental system. 3It
acts as masquerade to the attacker. If the attacker breaks into the system or
server, then the honeypot which resembles the original server will be assaulted
by the attack, while the actual system remains safe and untouched as a server
behind the honeypot. 4For those who are not experienced attackers,
they tend to think that they have easily managed to hack the system / server.
However, all actions, tools, and techniques used in the attack have been
recorded for study by the System Administrator concerned through the data and
information presented by the honeypot.
Fig 1.1 Basic Working of Honeypot System
Fig 1.1 shows basic working of
honeypot system. 5Any malicious user will be redirected to a fake
server so that the actual network remains unaffected. Simillary, Legitimate
users of the network will be able to access network services as they won’t be
redirected to honeypot trap.
6According to their use and their involvement, Honeypots can
be classified as production and research honeypots.
are primary honeypots which can detect the attacks and provide a warning to the
attackers. These type of honeypots are easy to deploy and provide least
information about the attacks and attackers.
Research Honeypots are
high level honeypot which are used by researchers or professionals. These
honeypots are capable of logging information about the intruder as well as the
techniques used by the intruder. These honeypot gather as much information as
possible. They provide information which can be used for statistical study or
Level of Interaction
Honeypot can be implemented in three
different levels depending upon its interaction and way of handling network
Low level interaction:
Honeypot designed to operate at low level interaction
is the most simplest honeypot. A low level interaction honeypot just
tries to record or log information about the attacker. But the drawback here
is, the attacker can easily recognize a honeypot at this level.
Medium level interaction:
As compared to low level honeypot, a medium level honeypot
cannot be recognized easily. Medium level honeypot are more complex than low
level interaction honeypot but long-delayed.
High level interaction:
High level interaction are complex to set up as they involve
real time operating system. Honeypot at this level misguides the hacker
to a fake system.
7In a network, if there are too many honeypots deployed then
it is known as a Honeynet. Typically, a honeynet is used for monitoring and/or
more diverse network in which one honeypot may not be sufficient. The purpose
of honeynet is to better understand the hacker’s behavior and methodologies.
They allow hacker to be easily identified.
The purpose of the proposed system
is to design a honeypot on a network and check the efficiency by attacking the
Following are the steps for
extraction procedure of honeypot.
Identify any attack on the system
and to log source and target information.
Redirecting the intruder to the
Extracting the attacker’s
Ban attacker from the network.
Generating records and statistical
The system will monitor the network and prevent it from
malicious activities and attacks. Honeypot will be deployed on the network
which will check whether the person entering the network is a legitimate user
or an attacker. If the user is legitimate, he will be given access to the
actual system else he will be redirected to a fake server. Meanwhile, Honeypot
Server will try to obtain the methodologies used by the attacker as well as the
As our dependence on computers and network constantly
increases, comprehensive network security is of tremendous importance. A first
requirement to be able to better protect networks assets is to gain a detailed
understanding of malicious threats. There are innumerable options available today
to access any sensitive information maliciously. Therefore, to counter such
attacks the concept of honeypot has been precisely invented to fill this task.
This system gave us an opportunity to study Honeypot and IDS system in detail.
It is important for organizations to secure their digital assets by detecting
and preventing vulnerabilities before they are exploited. Honeypot system
generates less number of alarms than IDS. Hence it can be concluded that
combination of Honeypot and Intrusion detection system can be suitably used as
most efficient system to ensure system security.
We gratefully acknowledge the assistance provided to us by
the following authorities in the completion of our project titled “SECURITY
USING HONEYPOT.” We take this opportunity to express our profound gratitude and
deep regards to our guide Prof. Nikita Patil having an immensely busy work
schedule, we never found any of our request of help and guidance to her being
turned down. We are sincerely grateful to her for his exemplary guidance,
monitoring and constant encouragement throughout the course of this project. We
would like to take the opportunity to thank the Head of department of Computer
Engineering, Prof. Mahindra Patil for permitting us to pursue this project.
A number of people contributed their time and efforts in making this project a
success. We would like to thank everyone who contributed their effort and
sharing time for our work and encouraging us to continue. In particular, we are
greatly indebted to our guide for his valuable suggestion and moral support
without which this project would not have been possible. Last but not the
least, we are thankful to our friends who inspired and encouraged us
1 Hibatul Wafi, Andrew Fiade, Nashrul
Hakiem, Rizal Broer Bahaweres, “Implementation of a Modern Security Systems
Honeypot Honey Network on Wireless Networks”, 20 17 International Young
Engineers Forum (YEF··ECE) Caparicil, Porlugal, May 5 , 2017 IEEE
Reddy Kondra, Santosh
Kumar Bharti, Sambit
Kumar Mishra, “Honeypot-based intrusion
detection system: A performance analysis”, Computing for Sustainable Global
Development (INDIACom), 2016 3rd International Conference on 16-18
March 2016 INSPEC : 16426743
M. Campbell, Keshnee Padayachee,Themba Masombuka, “A Survey of Honeypot
Research: Trends and Opportunities”, The 10th International Conference for
Internet Technology and Secured Transactions (ICITST-2015),
978-1-908320-52/0/$31.00 ©2015 IEEE
A. Somwanshi, Prof. S.A. Joshi, “Implementation of Honeypots for Server
Security”, International Research Journal of Engineering and Technology (IRJET)
e-ISSN: 2395 -0056 Volume: 03 Issue: 03 | Mar-2016, p-ISSN: 2395-0072
5 Jiqiang Zhai, Keqi Wang, Research on applications of honeypot in Campus Network
Information and Control (MIC), 2012 International Conference on 18-20 May 2012, 10.1109/MIC.2012.6273260, INSPEC: 13064684
Kumar Jain, Surbhi Singh, “Honeypot based Secure Network System”, Yogendra
Kumar Jain et al. / International Journal on Computer Science and Engineering
(IJCSE) ISSN : 0975-3397 Vol. 3 No. 2 Feb 2011 612
7 Anas Abd
Almonim Nour Albashir, “Detecting
unknown vulnerabilities using Honeynet”, Anti-Cybercrime (ICACC), 2015 First
International Conference on 10-12 Nov 2015, 10.1109/Anti-Cybercrime
Sembiring, Satya Wacana, “Implementation of Honeypot to Detect and Prevent
Distributed Denial of Service Attack”; Proc. of 2016 3rd Int. Conf. on
Information Tech., Computer, and Electrical Engineering (ICITACEE), Oct
19-21st, 2016, Semarang, Indonesia
9 https://www.networkworld.com/article/3234692/lan-wan/increase-your-network-security- deploy-a-honeypot.html, last
accessed 21/01/18, 08:34 pm
10 https://ethics.csc.ncsu.edu/abuse/hacking/honeypots/study.php, last accessed 27/01/18, 04:40 pm
last accessed 28/01/18, 02:40 pm