Multi Layer Cyber Attack Detection through Honeynet

Abstract

Intrusion detection forms an indispensable component of cyber security. To keep pace with the growing trends of blackhat community, there is an urgent need to replace single layer detection technology with multi layer detection. Our practical experiences depicted the retrieval of attack evidences from system traces. This paper signifies the integration of host-based intrusion detection system (HIDS) with already existing network based detection on Gen 3 Honeynet architecture. The integration procedure involves the stealth mode operation of HIDS sensor, code organization to generate HIDS alerts in a standard format with requisite network parameters, enhancing the functionality of data fusion to pipeline HIDS sensor with other data sensors for real-time operation and correlation with established network sessions, and further visualization on graphical analysis console. The benefits of new Honeynet architecture have been established. The results in the form of statistical trend distribution and percentage reduction of Honeynet data have been presented.