NORMA eResearch @NCI Library

An approach to enhance low-interaction honeypots by enabling them to detect spoofing attacks via network analysis

Bonnerji, Rhea (2020) An approach to enhance low-interaction honeypots by enabling them to detect spoofing attacks via network analysis. Masters thesis, Dublin, National College of Ireland.

PDF (Master of Science), 523kB
PDF (Configuration manual), 1MB

Abstract

A spoofing attack is when a malicious party imitates another system on a network as being from a known, trusted source and initiates attacks on network administrators to steal data, bypass network access or perform DDoS attacks. Spoofing attacks are a rising problem for companies both big and small, costing them billions of dollars. Honeypots are often used in organisations both to bait attackers and to detect attacks that are underway. Low-interaction honeypots that imitate basic network services, internet protocols and operating systems are more likely to be used because of their cost-effectiveness, but since they are limited in their abilities, organisations prefer high-interaction honeypots, which are both expensive and resource-heavy. Therefore, it was necessary to propose a method of detecting spoofing attacks with minimal resources to meet the needs of all. This paper proposes a spoofing attack detection mechanism for IP, ARP and DNS spoofing that enhances the functionality of low-interaction honeypots by incorporating some additional intelligence, enabling them to detect basic spoofing attacks and capture all the network traffic. Tshark is used to capture the network traffic, and then different scripts are run on the captured traffic to categorize the network packets as spoofed or genuine. Next, these results are compared to the logs from the honeypots to see how our enhancement scripts have worked compared to them.

Item Type: Thesis (Masters)
Subjects: Q Science > QA Mathematics > Electronic computers. Computer science
T Technology > T Technology (General) > Information Technology > Electronic computers. Computer science
Q Science > QA Mathematics > Computer software > Computer Security
T Technology > T Technology (General) > Information Technology > Computer software > Computer Security
Divisions: School of Computing > Master of Science in Cyber Security
Depositing User: Dan English
Date Deposited: 26 Jan 2021 15:03
Last Modified: 26 Jan 2021 15:03
URI: http://norma.ncirl.ie/id/eprint/4489
