Introduction
As internet usage increases, most common user tasks are accomplished through it, and distributed applications and databases have grown considerably to provide fast access. With this wider network, the number of intruders also increases. Strong mechanisms are therefore needed across the network to restrict unauthorised access, and network devices such as firewalls and Intrusion Detection Systems (IDS) (Mohame, Idris, Shanmugum, 2012) have been developed to block a variety of attacks and threats that reach the network through incoming connections. Intrusion detection is the process of monitoring and capturing network traffic and the events occurring in a computer system, and then analysing them for malicious activity and possible signs of incidents, that is, violations or threats of violation of computer security policies, acceptable use policies and standard security practices defined by system administrators. An intrusion detection system (IDS) plays an important role in providing a secure network environment. It enables administrators to detect suspicious packets, activities, network vulnerabilities and attacks. All network traffic can be observed with the help of an IDS, and it is easy to detect as well as decode malicious traffic on a honeynet (Li, Sun, & Zhang, 2011) and to log some malicious packets in a centralized database.
The honeypot (Zhai & Wang, 2012) is an effective tool for observing and understanding intruders' methods, tactics, behaviour and motivations. A honeypot observes and suspects every packet that is transmitted to and from it, which lets it collect and capture less noisy datasets for network attack analysis. Honeypots do not replace traditional security systems, however; they extend network security as a resource whose value lies in its unauthorized or illicit use. The honeypot (Mairh, Barik, Verma & Jena, 2011) is an emerging technology with great network security potential that can be placed inside or outside the network as well as deployed inside the firewall. It is a trap set to divert attackers and hackers away from unauthorised use of critical resources. It can also be used to study an attacker's methods and tools. It provides a large amount of valuable information for analysis, through which a variety of attacks can be detected, even within an encrypted environment. All honeypots work the same way (Mairh, Barik, Verma & Jena, 2011): they have no production value and no authorized activity, so any interaction with a honeypot is treated as malicious and unauthorized activity. A honeypot acts as a warning tool that raises an alarm if any malicious activity is detected, but it has risks associated with it, such as firewalls being penetrated, encryption being broken, and IDS sensors failing. Honeypots have many advantages: small data sets, since they collect a limited amount of information instead of gigabytes of logged data; reduced false positives for legitimate activity; catching false negatives for malicious activity; working in encrypted and IPv6 environments; high flexibility and simplicity; and minimal resource requirements for capturing bad activity. A generic implementation of a honeypot is shown in Figure 1.
Figure 1. Generic implementation of honeypot
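
The rule described above, that a honeypot has no authorized activity and so every packet to or from it is suspect, is shown here as an added example that is not part of the original article: a Python filter over constructed flow records. The log format, the addresses (documentation ranges) and the `HONEYPOTS` set are assumptions made for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample flow records: "timestamp src_ip dst_ip dst_port proto".
# Addresses are documentation ranges; HONEYPOTS is an assumed deployment.
SAMPLE_FLOWS = """\
2024-05-01T10:00:01Z 198.51.100.7 192.0.2.10 443 tcp
2024-05-01T10:00:02Z 203.0.113.45 192.0.2.50 22 tcp
2024-05-01T10:00:03Z 203.0.113.45 192.0.2.50 23 tcp
2024-05-01T10:00:05Z 198.51.100.7 192.0.2.11 80 tcp
2024-05-01T10:00:09Z 203.0.113.99 192.0.2.51 3306 tcp
2024-05-01T10:00:12Z 203.0.113.45 192.0.2.51 22 tcp
malformed line
2024-05-01T10:00:20Z 192.0.2.50 203.0.113.45 4444 tcp
"""
HONEYPOTS = {ip_address("192.0.2.50"), ip_address("192.0.2.51")}


def parse_flow(line):
    """Return (ts, src, dst, port), or None for a line that does not parse."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        return parts[0], ip_address(parts[1]), ip_address(parts[2]), int(parts[3])
    except ValueError:
        return None


def honeypot_alerts(log_text, honeypots=HONEYPOTS):
    """Group every flow that touches a honeypot by the remote peer."""
    alerts = defaultdict(lambda: {"first_seen": None, "inbound": set(), "outbound": set()})
    for line in log_text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue
        ts, src, dst, port = flow
        if dst in honeypots:      # a peer reached the decoy: no whitelist needed
            peer, key, target = src, "inbound", (str(dst), port)
        elif src in honeypots:    # traffic sent from the decoy is suspect too
            peer, key, target = dst, "outbound", (str(src), port)
        else:
            continue              # production traffic is left to the IDS
        entry = alerts[str(peer)]
        entry["first_seen"] = entry["first_seen"] or ts
        entry[key].add(target)
    return dict(alerts)


if __name__ == "__main__":
    for peer, info in honeypot_alerts(SAMPLE_FLOWS).items():
        print(peer, info["first_seen"], sorted(info["inbound"]), sorted(info["outbound"]))
```

Of the eight sample lines, only the five that touch a honeypot address produce alerts, which is the small, low-noise data set the paragraph describes.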