BY
17U/360150
A PROJECT
NOVEMBER, 2022
CLOUD BASE HONEY POT SECURITY SYSTEM
Dedication
This project is dedicated to God Almighty who has been there for me right from the beginning to
this point. Special dedication also to my ever-supportive parents, for their support and
Acknowledgement
My appreciation goes to Almighty Allah for His infinite mercies, protection and wisdom
throughout the period of my BSc program. I wish to acknowledge the effort of my parents, Barr.
Baba Inuwa, Mrs. Zulaihat Saidu and Mrs. Mario Mu’azu, for their financial support,
unconditional love, support, guidance and control throughout the period of my program. With a
deep sense of appreciation, respect and gratitude, I also want to say a big thank you to Auwal
Sale, Ahmed Inuwa, Shehu Salihu, Mairamu Sale, Aisha Inuwa, Aisha Ishaku Galadima, Aliyu
Muhammad Kaigama, Hamza Vokna, Nurudeen Isa, Sadiq Aliyu vwa, Naziru Yusuf Bello,
Maryam Yunusa, and all my colleagues for their caring support during the period of my
program.
I also want to acknowledge the effort of the entire staff of the Computer Science Department,
Adamawa State University, Mubi. My able supervisor in person of Dr. Yusufu Gambo thank you
Table of Contents
Declaration
Dedication
Acknowledgement
Abstract
CHAPTER ONE: INTRODUCTION
1.1 BACKGROUND TO THE STUDY
1.2 STATEMENT OF THE PROBLEM
1.3 AIM(S) AND OBJECTIVES
1.4 RESEARCH QUESTION(S)
1.5 HYPOTHESES OF THE STUDY
1.6 JUSTIFICATION OF THE STUDY
1.7 SCOPE OF THE STUDY
1.8 DEFINITION OF TERMS
Abstract
A honeypot is a deception tool, designed to entice an attacker to compromise the electronic
information systems of an organization. If deployed correctly, a honeypot can serve as an early-
warning and an advanced security surveillance tool. It can be used to minimize the risks of
attacks on IT systems and networks. Honey pots can also be used to analyze the ways attackers
try to compromise an information system and to provide valuable insights into potential system
loopholes. This study investigated the effectiveness of the existing methodologies that are used to
detect and prevent attacks. A honey pot system was used to collect information about the source
IP address, location, and time of attackers. The project outlines strategies for making honeypots
more attractive to hackers, so that they spend more time on them and provide hacking evidence.
CHAPTER ONE: INTRODUCTION
organizational network. Honey pots are integrated into a network alongside firewalls and intrusion
detection systems to give an organization a solid, secure platform. A firewall provides
filtering and generates logs that can be analyzed for malicious activity or for violations of
access control lists and firewall rules. Approaches such as a firewall demilitarized zone have been
used, but they are not effective for today’s network security. Intrusion detection systems were then
introduced to overcome the shortcomings of existing networks. An intrusion detection system (IDS)
silently monitors the network’s traffic and raises alerts about intruders based on a
database of signatures of existing intrusions. IDSs had a number of issues too, as they faced
an increasing number of false negatives and false positives. Honey pots were then introduced into
the network to make use of the network’s unused IPs, and the attacker’s behavior is analyzed on these
honey pots. Honey pots also improve IDSs by decreasing the number of false positives. With
honey pots integrated, network security is more accurate than with a
network intrusion detection system alone. These are the increasing trends in information security
mechanisms. For instance, the well-known company Amazon, which possesses the world’s largest
database, uses database honey pots to deceive attackers to reach their actual honey pots.
A. Honey pots: A honey pot is a unique security resource that is part of the security mechanism
deployed in an organization. These are the resources you want the black hat guys to interact with.
Basically, a honey pot is an IT resource whose value lies in its unauthorized or illicit use. This
means the value of honey pots is derived from the threats that use them. Honey pots would have little
value if attackers did not interact with them. Indeed, honey pots do not solve specific problems.
Instead, they are tools that have applications to security. They can be used as early warning
systems, for slowing down automated attacks, and for capturing new exploits to gather
intelligence on emerging threats. Furthermore, honey pots come in different sizes and shapes,
attacked such as Honey nets. Also, honey pots don’t even have to be a computer. They may be
credit card numbers, Excel spreadsheets or logins and passwords (known as honey tokens).
In the technology-driven world we live in, guarding information is crucial.
The ability to guard this information has become of the highest importance and an art form. With
that said, as a network administrator you have to be prepared to protect your network and the
information on it with extreme and sometimes diverse measures. One of these
measures is a honey pot. With a honey pot, hackers are actually allowed into your network to a
certain degree, and then the ability to block them out becomes a reality by checking your logs to
Spitzner, founder of the Honeynet Project, he defines honey pot as a system designed to learn
how black-hats probe for and exploit weaknesses in an IT system”. In other words, a honey pot is
a decoy, put out on a network as bait to lure attackers. Honey pots are typically virtual machines
designed to emulate real machines, feigning or creating the appearance of running full services
and applications, with open ports that might be found on a typical system or server on a network.
A honey pot works by fooling attackers into believing it is a legitimate system; they attack the
system without knowing that they are being observed covertly. When an attacker attempts to
compromise a honey pot, attack-related information, such as the IP address of the attacker, is
collected. This activity by the attacker provides valuable information and analysis on
attacking techniques, allowing system administrators to trace back to the source of the attack if
required.
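The collection step described above (the source IP address and time of each contact), as an added example that is not part of the original project: a minimal low-interaction decoy listener in Python. The function names, the fake FTP banner and the JSON-lines log format are assumptions made for illustration; mapping an IP address to a location needs an external geolocation database and is left out.

```python
import json
import socket
import threading
import time
from datetime import datetime, timezone

FAKE_BANNER = b"220 FTP server ready\r\n"  # constructed decoy banner, no real service behind it

def record(conn, addr, events, log_path):
    """Log who touched the decoy, when, and the first bytes they sent."""
    event = {"time": datetime.now(timezone.utc).isoformat(),
             "src_ip": addr[0], "src_port": addr[1], "data": ""}
    with conn:
        conn.settimeout(3.0)  # a silent client must not stall the listener
        try:
            conn.sendall(FAKE_BANNER)
            event["data"] = conn.recv(1024).decode("latin-1")  # maps every byte, never raises
        except OSError:
            pass  # timeout or reset: the contact itself is still worth logging
    events.append(event)
    if log_path:
        with open(log_path, "a", encoding="utf-8") as fh:
            fh.write(json.dumps(event) + "\n")  # one JSON object per line

def start_honeypot(host="127.0.0.1", port=0, log_path=None):
    """Run the decoy listener in a thread; returns (bound_port, events, stop_event)."""
    events, stop = [], threading.Event()
    srv = socket.create_server((host, port))
    srv.settimeout(0.2)  # wake up regularly to notice the stop flag
    def loop():
        with srv:
            while not stop.is_set():
                try:
                    conn, addr = srv.accept()
                except socket.timeout:
                    continue
                record(conn, addr, events, log_path)
    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1], events, stop

if __name__ == "__main__":
    port, events, stop = start_honeypot()
    with socket.create_connection(("127.0.0.1", port)) as c:  # constructed test visitor
        c.recv(64)
        c.sendall(b"USER admin\r\n")
    time.sleep(0.5)
    stop.set()
    print(json.dumps(events, indent=2))
```

Because nothing legitimate should ever connect to the decoy port, every record in the log is a contact worth reviewing.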
Honey pots can be used for production or research purposes. A production honey pot is used for
risk mitigation. Most production honey pots are emulations of specific operating systems or
services. They help to protect a network and its systems against attacks generated by automated
tools that randomly look for and take over vulnerable systems. By running a production
honey pot, the scanning process of these attack tools can be slowed right down, thereby wasting
their time. Some production honey pots can even shut down attacks altogether by, for example,
sending the attackers an acknowledgement packet with a window size of zero. In this way,
production honey pots are often used as reconnaissance or deterrence tools. Research honey pots
are real operating systems and services that attackers can interact with, and therefore involve
higher risk. They collect extensive information and intelligence on new attack techniques and
methods, and hence provide a more accurate picture of the types of attacks being perpetrated.
They also provide improved attack prevention, detection and reaction information, drawn from
the log files and other information captured in the process. In general, honey pot research
institutions such as universities and military departments run research honey pots to gather
intelligence on new attack methods. Some of the research results are published for the benefit of
vulnerable to malicious attack by the intruders. The rampant increase in fraud and attacks on
web sites necessitates the design or creation of a sample website to distract the attackers and
divert their attention from the real servers before they do any harm to them.
Attempts by attackers to breach security systems are rising every day. Intruders use tools
like SubSeven, Nmap and L0phtCrack to scan, identify, probe and penetrate enterprise
systems.
Firewalls are put in place to prevent such unauthorized access to enterprise networks.
An Intrusion Detection System (IDS) reviews network traffic and identifies exploits and
vulnerabilities; it is able to display alerts, log events, and e-mail administrators about possible
attacks.
An Intrusion Prevention System, on the other hand, attempts to prevent known intrusion
signatures and some unknown attacks, using the knowledge of attack behaviors in its
database.
However, an IDS can generate thousands of intrusion alerts every day, some of which are
false positives. This makes it difficult for an IDS to detect and identify the actual threats and
to protect assets. Thus, human intervention is required to investigate the attacks detected and
i. Distract the attackers from real servers and retrieve the IP address of the accessing
system.
ii. Reduce the risk of attackers to an information system to the minimum level.
i. Create an opportunity to detect and respond to attacks before the attackers are able to do
1.4 RESEARCH QUESTION(S)
1. How should open-source technologies be used to dynamically add or modify hacking
2. How should honeypots be made more attractive for hackers to spend more time to
illegal activities. This makes it extremely efficient to use honeypots for detecting attacks.
Honeypots only collect data from human or process interactions. Organizations that may log
thousands of alerts a day with traditional technologies will only log a hundred alerts with
honeypots (Kaur et al., 2014). Honeypots, on the other hand, can easily be used to identify and
capture new attacks. New attacks can easily be detected by a honeypot because any illegal
activity is an anomaly. Thus, honeypots can be used to collect, manage and analyze more attack
data.
computing. This research work is developed to protect the data on our server from attack or
unauthorized access. This is normally done by retrieving the IP address
of the accessing computer, which helps to identify the whereabouts of the attacker.
will be designed which will not be attached to the server. That will lead the would-be
attacker to believe that it is the real portal. Hence by attacking the site will give us ample
1.8 DEFINITION OF TERMS
1. Active Server (AS): - is an HTML page that includes one or more scripts (small
embedded programs) that are processed on a Microsoft web server before the page is
2. Apache: - Apache is the most widely used web server software. Developed and
group might be looking for. Decoy is generally used to overcome a main problem in
5. FTP Server: - Is a standard network protocol used to transfer computer files between
information systems. HTTP is the foundation of data communication for the World
Wide Web.
communication.
for use with Windows NT family. IIS supports HTTP, HTTPS, FTP, FTPS, SMTP
and NNTP. It has been an integral part of the Windows NT family since Windows NT
4.0, though it may be absent from some editions (e.g., Windows XP Home edition),
create a kind of private chat room with another individual in order to communicate in
real time over the Internet, analogous to a telephone conversation but using text-
11. OS kernel: - Is a component of the Operating System, interacts directly with hardware,
12. Perl Script: - Perl is a programming language developed by Larry Wall, especially
13. PHP: - PHP originally stood for “Personal Home Page” As its usefulness and
14. URL: - A web address; the standard way to address web documents (pages)
16. Virtual machine (VM): - A virtual machine is built upon an existing system and
17. Web Server: - Is an information technology that processes requests via HTTP, the
basic network protocol used to distribute information on the World Wide Web. The
term can refer either to the entire computer system, an appliance, or specifically to the
software that accepts and supervises the HTTP requests.