ABSTRACT

A honeypot is a non-production system, design to interact with cyber-attackers to collect intelligence on attack techniques and behaviors. There has been great amount of work done in the field of network intrusion detection over the past three decades. With networks getting faster and with the increasing dependence on the Internet both at the personal and commercial level, intrusion detection becomes a challenging process. The challenge here is not only to be able to actively monitor large numbers of systems, but also to be able to react quickly to different events. Before deploying a honeypot it is advisable to have a clear idea of what the honeypot should and should not do. There should be clear understanding of the operating systems to be used and services (like a web server, ftp server etc) a honeypot will run. The risks involved should be taken into consideration and methods to tackle or reduce these risks should be understood. It is also advisable to have a plan on what to do should the honeypot be compromised. In case of production honeypots, a honeypot policy addressing security issues should be documented. Any legal issues with respect to the honeypots or their functioning should also be taken into consideration. In this paper we explain the relatively new concept of “honeypot.” Honeypots are a computer specifically designed to help learn the motives, skills and techniques of the hacker community and also describes in depth the concepts of honeypots and their contribution to the field of network security. The paper then proposes and designs an intrusion detection tool based on some of the existing intrusion detection techniques and the concept of honeypots.