Developing a low interaction honeypot detection system in a networked environment using live environment and network analysis.
Abstract
As technological change drives the use of information systems to store and process data, protecting those systems becomes very important, because failure to do so can lead to data leakage and disruption in processing, among other things, which in turn lead to financial losses and endanger the persons whose information has been leaked. Honeypots are one of the ways these information systems can be protected from unauthorized access, through understanding the motives of the attacker and the methods being used to try to access the systems. With this information collected, the production system can be hardened and information protected. This project developed a honeypot detection system that helps honeypot developers check the honeypots they have built and harden them to prevent them from being detected by attackers. The honeypot detection tool was tested on Windows honeypots that are currently in use, with a production server used as a control environment, and the results showed that honeypots in production can be detected by hackers. Honeypots that are not easily detectable are important because they help organizations collect a lot of data on the methods attackers are likely to use and on the information being targeted by the hackers. The loopholes in these areas can then be patched to keep the information systems safe. The project also proposes a high-level model of how honeypots for Windows systems can be made undetectable and lead to the collection of more information about the attack; this model can also be replicated in the systems operated by organizations.