Abstract:
Cyber attacks are evolving into a sophisticated challenge. Traditional signature-based security devices (secure gateways, next-generation firewalls, antivirus, IPS, etc.) are not sufficient to learn an attack's taxonomy. Although such measures are sufficient for identified vulnerabilities that have signatures, they fail to protect against zero-day attacks. Hence a security tool is required that observes intruders by deceiving them and slowing down their attack. Honeypots or related technologies can be used for this purpose.
Considering this, distributed honeypots were reviewed and used to analyze the attack patterns on our educational domain (.edu.pk), which is the prime focus of this research. Before this, we lacked updated and readily available recent attack trends, which are essential for equipping centralized repositories of attack patterns. The main reason behind this situation is that we have no real-world Intrusion Detection Systems (IDS) in place that provide us with updated information about attack patterns. A real-world IDS means a system with no controlled access that nevertheless has the potential to analyze and learn about a particular attack. The researcher deployed a detection mechanism consisting of distributed honeypot sensors in different universities to gather the maximum amount of data from the .edu.pk ccTLD (Country Code Top Level Domain). An extensive study was carried out, followed by an evaluation of solutions, which resulted in a screening of the tools used in the research. The selected honeypot tools were then used to fulfil our goal of analyzing the attack trends faced by our higher educational institutes. The focus is on active attacks from the internet on university networks and their analysis in the form of updated attack trends.
The research aims at collecting cyber attack data within our regional internet space and analyzing their live trends. The distributed honeypot sensors were placed between an unmonitored internet connection and the firewall. This system design is able to capture the maximum amount of data since the packets are not being filtered. The results are encouraging and prove that the honeypot is an in-demand tool for today's cyber security world.
The current research has further derived a centralized mechanism to store and present the logs generated by the honeypots in a user-friendly and meaningful way. The adopted approach resulted in efficient and effective analysis.
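As an added illustration (not code from the thesis) of the centralized log repository the abstract describes, the following Python consolidates events from several honeypot sensors into attack-trend counts and flags sources seen by more than one campus sensor. The sensor names, line format and IP addresses are constructed assumptions.

```python
# Added example (not from the thesis): a minimal central aggregator for
# distributed honeypot sensors. Sensor names, fields and log lines are constructed.
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample events as they might arrive from sensors at three universities.
# Fields: sensor, timestamp (UTC), source IP, destination port, protocol, event type.
SAMPLE_LOG = """\
uni-a|2023-03-01T10:00:05|203.0.113.10|22|tcp|ssh_login_attempt
uni-a|2023-03-01T10:00:09|203.0.113.10|22|tcp|ssh_login_attempt
uni-b|2023-03-01T10:01:15|198.51.100.7|445|tcp|smb_probe
uni-c|2023-03-01T10:02:40|203.0.113.10|3389|tcp|rdp_probe
uni-b|2023-03-01T10:03:02|192.0.2.55|23|tcp|telnet_login_attempt
uni-a|2023-03-01T10:03:44|198.51.100.7|445|tcp|smb_probe
"""

def parse_events(text):
    """Normalize raw sensor lines into dicts; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        parts = line.strip().split("|")
        if len(parts) != 6:
            continue
        sensor, ts, src, port, proto, kind = parts
        try:
            events.append({"sensor": sensor, "ts": datetime.fromisoformat(ts),
                           "src": src, "port": int(port), "proto": proto, "kind": kind})
        except ValueError:
            continue
    return events

def attack_trends(events):
    """Central repository view: counts per sensor, per targeted port and per source,
    plus sources observed by more than one sensor (scanning across campuses)."""
    per_sensor = Counter(e["sensor"] for e in events)
    per_port = Counter(e["port"] for e in events)
    per_src = Counter(e["src"] for e in events)
    sensors_by_src = defaultdict(set)
    for e in events:
        sensors_by_src[e["src"]].add(e["sensor"])
    multi = sorted(s for s, sens in sensors_by_src.items() if len(sens) > 1)
    return {"per_sensor": per_sensor, "per_port": per_port,
            "per_src": per_src, "multi_sensor_sources": multi}

if __name__ == "__main__":
    t = attack_trends(parse_events(SAMPLE_LOG))
    print("top targeted ports:", t["per_port"].most_common(3))
    print("sources seen at multiple sensors:", t["multi_sensor_sources"])
```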