
CLOUD BASE HONEY POT SECURITY SYSTEM

BY

FATIMAH IBRAHIM BABA

17U/360150

A PROJECT

SUBMITTED TO THE COMPUTER SCIENCE DEPARTMENT

ADAMAWA STATE UNIVERSITY, MUBI

NOVEMBER, 2022


IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE AWARD OF

BACHELOR’S DEGREE IN COMPUTER SCIENCE,

FACULTY OF SCIENCE, ADAMAWA STATE UNIVERSITY, MUBI, NIGERIA

Dedication

This project is dedicated to God Almighty, who has been there for me right from the beginning to this point. Special dedication also to my ever-supportive parents, for their support and compassion towards me during the course of my program.

Acknowledgement

My appreciation goes to Almighty Allah for His infinite mercies, protection and wisdom throughout the period of my BSc program. I wish to acknowledge the effort of my parents, Barr. Baba Inuwa, Mrs. Zulaihat Saidu and Mrs. Mario Mu’azu, for their financial support, unconditional love, support, guidance and control throughout the period of my program. With a deep sense of appreciation, respect and gratitude, I also want to say a big thank you to Auwal Sale, Ahmed Inuwa, Shehu Salihu, Mairamu Sale, Aisha Inuwa, Aisha Ishaku Galadima, Aliyu Muhammad Kaigama, Hamza Vokna, Nurudeen Isa, Sadiq Aliyu vwa, Naziru Yusuf Bello, Maryam Yunusa, and all my colleagues for their caring support during the period of my program.

I also want to acknowledge the effort of the entire staff of the Computer Science Department, Adamawa State University, Mubi. To my able supervisor, in the person of Dr. Yusufu Gambo: thank you for your mentorship, guidance and incredible qualities of leadership.

Table of Contents
Declaration
Dedication
Acknowledgement
Abstract
CHAPTER ONE: INTRODUCTION
1.1 BACKGROUND TO THE STUDY
1.2 STATEMENT OF THE PROBLEM
1.3 AIM(S) AND OBJECTIVES
1.4 RESEARCH QUESTION(S)
1.5 HYPOTHESES OF THE STUDY
1.6 JUSTIFICATION OF THE STUDY
1.7 SCOPE OF THE STUDY
1.8 DEFINITION OF TERMS

Abstract
A honeypot is a deception tool, designed to entice an attacker to compromise the electronic information systems of an organization. If deployed correctly, a honeypot can serve as an early-warning and advanced security surveillance tool. It can be used to minimize the risks of attacks on IT systems and networks. Honeypots can also be used to analyze the ways attackers try to compromise an information system and to provide valuable insights into potential system loopholes. This study investigated the effectiveness of the existing methodologies that are used to detect and prevent attacks. A honeypot system was used to collect information about the source IP address, location, and time of attackers. The project outlines strategies for making honeypots more attractive to hackers, so that they spend more time and provide hacking evidence.

CHAPTER ONE: INTRODUCTION

1.1 BACKGROUND TO THE STUDY:


In the era of information and technology, network security has become the core issue in every organizational network. Honey pots are integrated into the network with firewalls and intrusion detection systems to provide a solid, secure platform for an organization. A firewall provides filtering and generates logs for further analysis of any malicious activity or any violation of access control lists and firewall rules. Different approaches, such as a firewall demilitarized zone, have been used, but they are not effective for today’s network security. Intrusion detection systems (IDS) were then introduced to overcome the shortcomings of existing networks. An intrusion detection system silently monitors the network’s traffic and raises alerts about intruders based on a database of signatures of existing intrusions. IDS had a number of issues too, facing an increasing number of false negatives and false positives. Honey pots were then introduced into the network to utilize the network’s unused IPs, and the attacker’s behavior is analyzed on these honey pots. Honey pots improve IDS too by decreasing the number of false positives. With the integration of honey pots, network security accuracy increases compared with implementing a network intrusion detection system alone. These are the increasing trends in information security mechanisms. For instance, the well-known company Amazon, possessing the world’s largest database, uses database honey pots to deceive attackers into reaching their actual honey pots.

A. Honey pots: A honey pot is a unique security resource that is part of the security mechanism deployed in an organization. These are the resources you want the black hat guys to interact with. Basically, a honey pot is an IT resource whose value lies in its unauthorized or illicit use. It means the value of honey pots is derived from the threats using them. Honey pots would have little value if attackers did not interact with them. Indeed, honey pots do not solve specific problems. Instead, they are tools that have applications to security. They can be used as early warning systems, for slowing down automated attacks, for capturing new exploits and for gathering intelligence on emerging threats. Furthermore, honey pots come in different sizes and shapes: they can be an emulated Windows-based application or an entire network to be compromised and attacked, such as a honeynet. Also, honey pots don’t even have to be computers. They may be credit card numbers, Excel spreadsheets, or logins and passwords (known as honey tokens).

In the technology-driven world we live in, guarding the value of information is crucial. The ability to guard this information has become of the highest importance and an art form. With that said, as a network administrator you have to be prepared to protect your network and the information on it with extreme and sometimes diverse measures. One of these measures is a honey pot. With a honey pot, hackers are actually allowed into your network to a certain degree, and the ability to block them out then becomes a reality by checking your logs to see who they are and what they are doing.

Spitzner, founder of the Honeynet Project, defines a honey pot as “a system designed to learn how black-hats probe for and exploit weaknesses in an IT system”. In other words, a honey pot is a decoy, put out on a network as bait to lure attackers. Honey pots are typically virtual machines designed to emulate real machines, feigning or creating the appearance of running full services and applications, with open ports that might be found on a typical system or server on a network. A honey pot works by fooling attackers into believing it is a legitimate system; they attack the system without knowing that they are being observed covertly. When an attacker attempts to compromise a honey pot, attack-related information, such as the IP address of the attacker, will be collected. This activity by the attacker provides valuable information and analysis on attacking techniques, allowing system administrators to trace back to the source of the attack if required.

Honey pots can be used for production or research purposes. A production honey pot is used for risk mitigation. Most production honey pots are emulations of specific operating systems or services. They help to protect a network and systems against attacks generated by automated tools used to randomly look for and take over vulnerable systems. By running a production honey pot, the scanning process from these attack tools can be slowed right down, thereby wasting their time. Some production honey pots can even shut down attacks altogether by, for example, sending the attackers an acknowledgement packet with a window size of zero. In this way, production honey pots are often used as reconnaissance or deterrence tools. Research honey pots are real operating systems and services that attackers can interact with, and therefore involve higher risk. They collect extensive information and intelligence on new attack techniques and methods, and hence provide a more accurate picture of the types of attacks being perpetrated. They also provide improved attack prevention, detection and reaction information, drawn from the log files and other information captured in the process. In general, honey pot research institutions such as universities and military departments will run research honey pots to gather intelligence on new attack methods. Some of the research results are published for the benefit of the whole community (Harisson). (Source: http://www.honeynet.org)

1.2 STATEMENT OF THE PROBLEM


Security is the basic requirement of any web-based application. An unsecured system is vulnerable to malicious attack by intruders. The rampant increase in fraud and attacks on websites necessitates the design or creation of a sample website to distract the attackers and divert their attention from the real servers before they do any harm to them.

Attempts by attackers to breach security systems are rising every day. Intruders use tools like SubSeven, Nmap and L0phtCrack to scan, identify, probe and penetrate enterprise systems.

Firewalls are put in place to prevent such unauthorized access to enterprise networks. However, firewalls cannot prevent attacks coming from the intranet.

An Intrusion Detection System (IDS) reviews network traffic and identifies exploits and vulnerabilities; it is able to display alerts, log events, and e-mail administrators about possible attacks.

An Intrusion Prevention System (IPS), on the other hand, attempts to prevent known intrusion signatures and some unknown attacks, owing to the knowledge of attack behaviors in its database.

However, an IDS can generate thousands of intrusion alerts every day, some of which are false positives. This makes it difficult for an IDS to detect and identify the actual threats and to protect assets. Thus, human intervention is required to investigate the attacks detected and reported by an IDS (Kaur, Malhotra, & Singh, 2014).

1.3 AIM(S) AND OBJECTIVES


The aims of this work are:

i. To distract attackers from the real servers and retrieve the IP address of the accessing system.

ii. To reduce the risk that attackers pose to an information system to the minimum level.

The objective of this work is:

i. To create an opportunity to detect and respond to attacks before the attackers are able to do any real harm.

1.4 RESEARCH QUESTION(S)
1. How should open-source technologies be used to dynamically add or modify hacking incidents in a high-interaction honeynet system?

2. How should honeypots be made more attractive to hackers, so that they spend more time and provide hacking evidence?

1.5 HYPOTHESES OF THE STUDY


Honeypots can dramatically reduce false positives. Honeypots are designed to track illegal activities. This makes it extremely efficient to use honeypots for detecting attacks. Honeypots only collect data from human or process interactions. Organizations that may log thousands of alerts a day with traditional technologies will only log a hundred alerts with honeypots (Kaur et al., 2014). Honeypots, on the other hand, can easily be used to identify and capture new attacks. New attacks can easily be detected by a honeypot because any illegal activity is an anomaly. Thus, honeypots can be used to collect, manage and analyze more attack data.

1.6 JUSTIFICATION OF THE STUDY


The research is aimed at controlling malicious attacks. Security of our data is a priority in computing. This research work is developed to protect the data on our server from attack or unauthorized access. This is normally done through the process of retrieving the IP address of the accessing computer, which helps to identify the whereabouts of the attacker.

1.7 SCOPE OF THE STUDY


The study covers the Adamawa State University, Mubi portal. A sample of the portal will be designed that is not attached to the server. This will lead the would-be attacker to believe that it is the real portal. Hence, an attack on the site will give us ample opportunity to retrieve the attacker's IP address.
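
A sketch of the decoy portal described in this scope, added here as an example and not the project's own code: every request to a stand-alone page is logged with source IP and time. The log file name, listening address, page HTML and record field names are assumptions made for the illustration.

```python
import json
from datetime import datetime, timezone
from http.server import BaseHTTPRequestHandler, HTTPServer

LOG_PATH = "honeypot_events.jsonl"  # assumption: local JSON-lines log file
MAX_FIELD = 256                     # cap on attacker-controlled strings
PAGE = (b"<html><body><h1>Portal Login</h1><form method='post'>"
        b"<input name='id'><input type='password' name='pw'>"
        b"<input type='submit'></form></body></html>")  # constructed decoy page

def clean(value):
    """Truncate and drop control characters so a request cannot forge log lines."""
    return "".join(c for c in str(value or "")[:MAX_FIELD] if c.isprintable())

def build_event(peer_ip, method, path, headers, now=None):
    """Build one log record. peer_ip is the TCP peer address, the only
    source value the client does not choose; X-Forwarded-For is kept in a
    separate field and marked unverified."""
    now = now or datetime.now(timezone.utc)
    return {
        "time_utc": now.isoformat(timespec="seconds"),
        "source_ip": peer_ip,
        "method": clean(method),
        "path": clean(path),
        "user_agent": clean(headers.get("User-Agent")),
        "forwarded_for_unverified": clean(headers.get("X-Forwarded-For")),
    }

class DecoyPortal(BaseHTTPRequestHandler):
    def _serve(self):
        # The request body (submitted credentials) is neither read nor stored.
        event = build_event(self.client_address[0], self.command,
                            self.path, self.headers)
        with open(LOG_PATH, "a", encoding="utf-8") as log:
            log.write(json.dumps(event) + "\n")
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(PAGE)))
        self.end_headers()
        self.wfile.write(PAGE)

    do_GET = do_POST = _serve  # same decoy response for page loads and logins

    def log_message(self, *args):  # suppress the default stderr access log
        pass

if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), DecoyPortal).serve_forever()
```

Because the decoy has no legitimate users, every record in the log is worth review; location is derived afterwards from `source_ip`, which may be a proxy or VPN exit rather than the attacker's own machine.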

1.8 DEFINITION OF TERMS
1. Active Server (AS): - Is an HTML page that includes one or more scripts (small embedded programs) that are processed on a Microsoft web server before the page is sent to the user.

2. Apache: - Apache is the most widely used web server software, developed and maintained by the Apache Software Foundation. Apache is a freely available web server that is distributed under an "open source" license.

3. Decoy: - A device or event meant as a distraction, to conceal what an individual or a group might be looking for. Decoy is generally used to overcome a main problem in protein folding simulations: the enormity of the conformational space.

4. Dynamic Web: - Is a web page whose construction is controlled by an application server processing server-side script.

5. FTP Server: - Is a standard network protocol used to transfer computer files between a client and server on a computer network.

6. (HTTP): - Is an application protocol for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web.

7. IP Address: - Is a numerical label assigned to each device (e.g., computer, printer) participating in a computer network that uses the Internet Protocol for communication.

8. Internet Information Services (IIS): - Is an extensible web server created by Microsoft for use with the Windows NT family. IIS supports HTTP, HTTPS, FTP, FTPS, SMTP and NNTP. It has been an integral part of the Windows NT family since Windows NT 4.0, though it may be absent from some editions (e.g., Windows XP Home edition), and is not active by default.

9. Instant messaging (IM): - Is a type of communications service that enables you to create a kind of private chat room with another individual in order to communicate in real time over the Internet, analogous to a telephone conversation but using text-based, not voice-based, communication.

10. JavaScript: - Is a lightweight, interpreted programming language.

11. OS kernel: - A component of the operating system that interacts directly with hardware and provides low-level services to upper-layer components.

12. Perl Script: - Perl is a programming language developed by Larry Wall, especially designed for text processing.

13. PHP: - PHP originally stood for “Personal Home Page”. As its usefulness and capabilities grew, it came to mean “PHP: Hypertext Preprocessor”. It can be interspersed within Hypertext Markup Language (HTML), which makes developing dynamic websites more accessible.

14. URL: - A web address; the standard way to address web documents (pages).

15. VB Script: - Is a general-purpose, lightweight and active scripting language developed by Microsoft that is modeled on Visual Basic.

16. Virtual machine (VM): - A virtual machine is built upon an existing system and provides a virtual abstraction, a set of attributes, and operations.

17. Web Server: - Is an information technology that processes requests via HTTP, the basic network protocol used to distribute information on the World Wide Web. The term can refer either to the entire computer system, an appliance, or specifically to the software that accepts and supervises the HTTP requests.
