Please use this identifier to cite or link to this item:
|Title:||MITIGATING NETWORK ATTACKS USING HONEYPOTS AND REAL TIME RULE ACCESSION IN IDS|
|Authors:||Singh, Abhay Nathi|
|Keywords:||ELECTRONICS AND COMPUTER ENGINEERING;MITIGATING NETWORK ATTACKS;HONEYPOTS;REAL TIME RULE ACCESSION|
|Abstract:||The Intrusion Detection Systems (IDS) play an important role in protecting the organizations from unauthorized activities. In the presence of complex and unknown attacks, several shortcomings of these systems have been exposed. The tedious work of manually updating the signature database of IDS was addressed by various signature generation systems. In this dissertation a framework using honeypot is proposed with Real Time Rule Accession (ReTRA) capability. Honeypot is used to prevent the attack and collect attack traffic on the network. Furthermore, Apriori algorithm for association rule mining is used on the data logged by honeypot to generate rules which is added to the Snort IDS dynamically. This is different from the previous method of off-line rule base addition. The experimental results show that the proposed intrusion detection system is efficient in detecting the attacks at the time of their occurrences even if the system was not equipped with rules to detect it. The proposed system has also been compared with Honeycomb which is one of the best open source systems for automatically generating attack signatures. The experimental results show that ReTRA system is superior to honeycomb in respect to quantity, completeness and non-redundancy of rules. One of the most widely used tools for creating honeypots is honeyd. The logs generated by honeyd can grow very large in size when there is heavy attack traffic in the system, thus consuming a lot of disk space. The huge log size poses difficulty when they are processed and analyzed by security analysts as they consume a lot of time and resources. In this dissertation, the proposed system addresses these issues. The logging module for efficient capture of attack traffic saves disk space by reducing the log size without losing information. The log analyzer processes this log to generate reports and graphs for the security administrators. The analyzer is backward compatible and can process the log file produced by honeyd as well. The experimental results show that the space required by log file reduces significantly. ii|
|Research Supervisor/ Guide:||Joshi, R. C.|
|Appears in Collections:||MASTERS' DISSERTATIONS (E & C)|
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.