THE IMPACT OF HONEY NET IN THE PROCESS OF IDENTIFYING CYBER ATTACKS AND MODELS USED TO SUCCESSFULLY DEPLOY THEM.
Introduction
As communication is globally getting significance every day, cyber crimes are also increasingly increasing. Counteract measures are built up to identify or thwart these attacks. In the 21st century, the most endless war in the field of computing is network attack and defense. The complexity of internet increases with increase in their functionality and importance that lead to system vulnerabilities. These vulnerabilities enable hackers to remotely access these arbitrary systems which are connected to the internet and subsequently bombard the compromised systems with series of threats such as Trojan, worms and other forms of attack. Strategies of hackers should be studied and understood by allowing attackers access a feeble system. For these problems to be curbed, strategies and resources must be deployed to put them on check. One of the security resources whose worth is reclined in compromise and probe to restraining the activities of network attackers is the honey net.
IMPACT OF HONEYNET IN ATTACKS DETECTION
According to Sven et al. (2005) resources of honey net are used for data control and data capture in cyber attack detection. Data control is guiding the non-honeynet systems from the target of a black hat. This is achieved by limiting a number of connections that are going out per time. Honey net also controls data from the cyber by providing the attackers with limited bandwidth thus, given them less access to the resources of the network. For data capture, honey net gives credence to getting the details of the attackers and their activities by checking their entries and exit.
William W. (2011) highlighted some of the impact of honeynet to identifying cyber hackers as follows:
• Honeynet provides counterfeit data to the black hats therefore generating confusion to hackers. The system provided for the cyber attackers is not an idea system but an arbitrary system, thus the data provided are not real but counterfeit data which makes attackers confused.
More so, due to the fact that many hackers are aware that there is a devised plan to check their activities, Honeynet serves as a deterrent to many of them thus, reducing the number of attackers on the network.
Honeynet also identifies cyber attackers by providing sensitive information to computer and network administrators on the mechanisms deployed by systems attack.
From the impacts listed above, it can be deduced Honeynet is used as an intrusion detection system (IDS) in many organizations whose network has huge amount of data. In as much as it is used as an (IDS) for identifying and warning network administrators of invading threats and attacks, there is irresistible records of falsified identification of attacks. This false reports produced by Honeynet at times in attack identification could be as a result of its inability to filter the huge amount of data into false or true. Honeynet can identify intrusions but when the intrusion is not updated into the intrusion detection system and its signature is new, the intrusion becomes otherwise unnoticeable.
Again, it can be seen that, honeynet impacts in the area of increasing the network security by raising the hunt space for finding systems in the network that are valuable by enticing attackers into wasting energy attacking an honeynet instead of a real network.
MODELS USED TO SUCCESSFULLY DEPLOY HONEYNET
For any action, there must be a rational behind the scene. Srevathsa et al (2013) gave the two reasons why honeynets are deployed. First, honeynets are deployed to study how cyber attackers explore and attempt to have entrance to a network system to knowledge on the strategies used by them to help secure the production system. The second reason of deploying Honeynet is to collect forensic data or information needed to assist in arrest and prosecution of attackers.
Honeynet models
Mathew et al.(2012) highlighted some of the models used in Honeynet deployment as. Some of which are as follow:
ACTIVE SERVER (AS) model: This model is deployed as a solution to alleviate Denial of Service Attack (DOS) by putting a production server at the back of gateway access. Every Active Server confirms its customers called clients and as soon as the client is authenticated, an open pathway is created between the server and the client. But if the AS does not validate the client, the client is trapped right there. This model prevents Denial of Attack since every client must be authenticated before having contact or access to the server; thus, hindering cyber attackers from blocking the route from the protected server and the Active Server.
BLACK HOLE ROUTERS DETECT (BHRD) Model: This model of was designed by Prathapani to detect black holes in mesh network of the wireless routers. This model (BHRD) announces spurious finest paths to catch the attention of traffic via it by simply dropping all concerned network traffic. This model provides solution that consists of response module, router module and alert module. With the help of a known route, message is sent from the router module to the response module via a reserved route. The response module then gives the feedback from the message received.
DYNAMIC FORENSIC (DF) Model: In this model, Intrusion Detection is integrated into forensic security network using Honeynet. The model ensures that data obtained for forensic analysis is dependable no matter how the attackers try to modify it. The key function of this model is detecting intrusion in the network. The forensic system is dynamically activated when the threat level is very high by forwarding the traffic to the honeynet but when the attack has gone beyond the definite point the passage is cut off automatically to evade modification of the data collected by hackers. The analysis of the attacks is then evaluated by extracting the signature to identify future attacks.
DOUBLE HONEYNET AND PRINCIPAL COMPONENT ANALYSIS (PCA) Model. This model is to improve correctness in all the signatures generated for polymorphic worms. This is model is actual a difficult and tedious model because polymorphic worms keeps on modifying themselves to keep away from their fingerprinting precisions. System will grab hold of a worm in the first Honeynet system, the worm is subsequently permitted to infect other systems in the second system of honeynet. Every version of the worm is captured as the worm keeps on moving to and fro among the two Honeynet systems. PCA is then used to analyze all versions of the worm by producing a signature that can be subsequently employed to identify polymorphic worms by means of using intrusion detection systems. This model in addition uses polygraph by automating the signatures generated by polymorphic worms with minimal false positives and low false negatives while using network streams that contain noise generated signatures.
References
Sven crasser, Julian B., Grizzard, Henry L. Owen (2005) 'The use of Honeynet to increase Computer Network Security and user awareness', Journal of Security Education, 1(2), pp. 23
Mathew L. Bringer, Christopher A. Chemecki and Hiroshi Fujinoki (2012) 'Recent Advances and FutureTrends in Honeypot Research', Journal of Computer and Information Security , 10(7), pp. 63 [Online]. Available at: (Accessed: 27 October 2015).
Srivathsa S Rao, Vinay Hegde, Boruthalupula Maneesh, Jyothi Prasad N M, Suhas Suresh (2013) ' Web Based Honeypots Network', 5. International Journal of Scientific and Research Publications, 3(8), pp. 6-7