Title :
A honeypot system for efficient capture and analysis of network attack traffic
Author :
Singh, Abhay Nath ; Joshi, R.X.
Author_Institution :
Dept. of Electron. & Comput. Eng., Indian Inst. of Technol., Roorkee, Roorkee, India
Abstract :
A honeypot is an information system resource used to divert attackers and hackers away from critical resources, as well as a tool to study an attacker's methods. One of the most widely used tools for creating honeypots is honeyd. The logs generated by honeyd can grow very large when there is heavy attack traffic in the system, thus consuming a lot of disk space. The huge log size also makes the logs difficult for security analysts to process and analyze, as doing so consumes a lot of time and resources. In this paper, we propose a system which addresses these issues. It has two important modules. The first is a logging module, which saves disk space by reducing the log size without losing information. The second is a log analyzer that can process this log to generate reports and graphs for security administrators. The analyzer is backward compatible and can process the log file produced by honeyd as well. The experimental results show that the space required by the log file is reduced significantly.
Keywords :
computer network security; information systems; system monitoring; critical resources; disk space; honeypot system; information system resource; logging module; network attack traffic analysis; security administrators; security analysts; IP networks; Intrusion detection; Network topology; Operating systems; Production; Signal processing; FIFO; Honeypot; analyzer; honeyd; logging module; network attacks;
Conference_Title :
Signal Processing, Communication, Computing and Networking Technologies (ICSCCN), 2011 International Conference on
Conference_Location :
Thuckafay
Print_ISBN :
978-1-61284-654-5
DOI :
10.1109/ICSCCN.2011.6024606