• DocumentCode
    3379620
  • Title

    A honeypot system for efficient capture and analysis of network attack traffic

  • Author

    Singh, Abhay Nath ; Joshi, R.X.

  • Author_Institution
    Dept. of Electron. & Comput. Eng., Indian Inst. of Technol., Roorkee, Roorkee, India
  • fYear
    2011
  • fDate
    21-22 July 2011
  • Firstpage
    514
  • Lastpage
    519
  • Abstract
    A Honeypot is an information system resource used to divert attackers and hackers away from critical resources as well as a tool to study an attacker's methods. One of the most widely used tools for creating honeypots is honeyd. The logs generated by honeyd can grow very large in size when there is heavy attack traffic in the system, thus consuming a lot of disk space. The huge log size poses difficulty when the logs are processed and analyzed by security analysts, as they consume a lot of time and resources. In this paper, we propose a system which addresses these issues. It has two important modules. The first one is a logging module which saves disk space by reducing the log size without losing information. The second module is a log analyzer that can process this log to generate reports and graphs for the security administrators. The analyzer is backward compatible and can process the log file produced by honeyd as well. The experimental results show that the space required by the log file is reduced significantly.
  • Keywords
    computer network security; information systems; system monitoring; critical resources; disk space; honeypot system; information system resource; logging module; network attack traffic analysis; security administrators; security analysts; IP networks; Intrusion detection; Network topology; Operating systems; Production; Signal processing; FIFO; Honeypot; analyzer; honeyd; logging module; network attacks;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Signal Processing, Communication, Computing and Networking Technologies (ICSCCN), 2011 International Conference on
  • Conference_Location
    Thuckafay
  • Print_ISBN
    978-1-61284-654-5
  • Type

    conf

  • DOI
    10.1109/ICSCCN.2011.6024606
  • Filename
    6024606