SSH Honeypot Monitor

Uploaded by Nk vignesh
Copyright: © All Rights Reserved

MONITORING HONEYPOT & DETECTING CYBER ATTACK

SHRUTHIKA S (2127200501139)
SIBHI CHAKRAVARTHI B (2127200501140)
VIGNESH N K (2127200501161)

CS18811 – PROJECT WORK


Second Review
Batch No : 38
Name of the Supervisor : Ms.S.POORANI
Date of Review : 22.02.2024
Domain : Cyber Security
ABSTRACT
• In today's digital age, cybersecurity threats are ever-present, with malicious
actors constantly seeking to exploit vulnerabilities in network systems.
• One effective approach to monitoring and detecting unauthorized access
attempts is the deployment of SSH honeypots.
• These decoy servers emulate legitimate SSH services to attract and monitor
malicious activities.
• This project explores the implementation and effectiveness of SSH
honeypots in enhancing cybersecurity by capturing and analyzing malicious
SSH interactions.
PROBLEM STATEMENT
• With the increasing sophistication of cyber threats, organizations face the
challenge of defending against unauthorized access attempts and securing
sensitive data. Traditional security measures may not always suffice,
necessitating the need for proactive detection and mitigation strategies.
• SSH-based attacks, including brute-force login attempts and reconnaissance
activities, pose significant risks to network integrity and data confidentiality.
Addressing these threats requires innovative solutions that can effectively
identify and respond to malicious behavior in real-time.
INTRODUCTION
• SSH (Secure Shell) is a widely used protocol for secure remote access to
systems, providing encryption and authentication mechanisms to protect
communication over networks.
• However, SSH services are also prime targets for attackers seeking to gain
unauthorized access to servers and exploit sensitive information.
• SSH honeypots offer a proactive defense mechanism by luring attackers into
simulated environments, allowing organizations to observe and analyze
malicious activities without exposing real systems to risk.
LITERATURE REVIEW

| S.No | Name of Author, Year of Publication | Research Article Title | Review of the Paper |
|---|---|---|---|
| 1. | Y. Shan, Y. Yao, T. Zhao, and W. Yang, in IEEE Transactions on Industrial Informatics, vol. 19, no. 10, pp. 1-3, 2023. | NeuPot: A Neural Network-Based Honeypot for Detecting Cyber Threats in Industrial Control Systems | The paper offers insights into leveraging advanced technologies for threat detection in critical infrastructure, potentially enhancing resilience against cyber threats. This innovative methodology represents a promising avenue for bolstering ICS security. |
| 2. | M. S. Ali and M. S. Hossain, in IEEE Access, vol. 8, pp. 8780-8790, 2020. | Evaluation of Cowrie SSH/Telnet Honeypot in Detecting and Monitoring Cyber Attacks | the effectiveness of Cowrie SSH/Telnet honeypot in detecting and monitoring cyber attacks. The authors conduct a thorough evaluation to assess the honeypot's performance in capturing and analyzing malicious activities. |
| 3. | L. Zobal, D. Kolar, and R. Fujdiak, in 2019 11th International Congress on Ultra Modern Telecommunications and Control Systems and Workshops (ICUMT), pp. 1–9, 2023. | “Current state of honeypots and deception strategies in cybersecurity,” | It offers insights into the evolving techniques used to detect and mitigate cyber threats. The study sheds light on emerging trends and challenges, contributing to the advancement of cybersecurity defense mechanisms. |
| 4. | L. Shi, Y. Li, T. Liu, J. Liu, B. Shan, and H. Chen, IEEE Access, vol. 7, pp. 72 234–72 246, 2019. | Dynamic Distributed Honeypot Based on Blockchain | It proposes a decentralized architecture for deploying honeypots, enhancing resilience against cyber threats. The study highlights the effectiveness of blockchain in distributing honeypot instances, contributing to advancements in cybersecurity defense mechanisms. |
ISSUES & CHALLENGES
• Resource Consumption: Running Cowrie honeypots requires significant
computational resources, especially when dealing with a large volume of traffic.
• Data Overload: Cowrie generates extensive data logs from interactions with
potential attackers. Analyzing this data demands a robust logging and
monitoring infrastructure.
• Integration with Security Operations: Integrating Cowrie data into broader
security operations is intricate, involving correlating honeypot data with other
security telemetry, sharing intelligence with stakeholders, and leveraging
insights to enhance overall security posture.
• Attack Variability: Attack techniques keep changing, and Cowrie honeypots need
to adapt by updating their deception techniques, emulating new vulnerabilities,
and staying informed about emerging threats.
PROPOSED WORK
• Develop a detailed plan for the deployment and configuration of the SSH
honeypot environment, considering factors such as network architecture,
system requirements, and monitoring capabilities.
• Implement the SSH honeypot environment including the deployment of
custom SSH honeypot software and integration with the Cowrie SSH
honeypot.
• Configure the SSH honeypot software to emulate SSH services, capture
interaction attempts, and forward traffic to the Cowrie honeypot for analysis.
• Analyze the collected data to identify patterns, trends, and potential indicators
of compromise, enabling proactive threat detection and response.
ARCHITECTURE DIAGRAM
HARDWARE AND SOFTWARE REQUIREMENTS
• Name of the Processor : Intel Core i5 8th Gen
• RAM : 8GB
• Operating System : Windows
• Tools used : OpenSSH
• Packages : paramiko
• IDE : Visual Studio Code
MODULES
1. Data Acquisition:

• This module would be responsible for collecting the data HoneyScanner
needs to function.
• Potential functionalities include:
  • Scanning for honeytokens (fake access credentials) placed by security
  researchers.
  • Scraping data from websites or online sources.
  • Interacting with APIs to retrieve relevant information.
2. Data Analysis:

• This module would process the collected data to identify potential security
threats.
• Potential functionalities include:
  • Analyzing the structure and format of honeytokens.
  • Identifying patterns or indicators of malicious activity.
  • Extracting useful insights from the scraped data.
3. Deployment & Reporting:

• This module would present the security assessment of the Cowrie honeypot.
• Potential functionalities include:
  • Generating reports that detail identified threats and potential
  vulnerabilities.
  • Reports on active and passive attacks are generated.
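
The analysis and reporting modules can be illustrated on Cowrie's JSON-lines event log. This is an added example, not the project's code: it flags brute-force sources, ranks attempted credentials and lists commands typed after a successful login. The sample events are constructed, and the threshold and the function name `analyse` are assumptions.

```python
import json
from collections import Counter, defaultdict

# Constructed sample in Cowrie's JSON-lines format (documentation IP ranges).
SAMPLE_LOG = """\
{"eventid":"cowrie.login.failed","src_ip":"203.0.113.7","session":"a1","username":"root","password":"123456"}
{"eventid":"cowrie.login.failed","src_ip":"203.0.113.7","session":"a1","username":"root","password":"admin"}
{"eventid":"cowrie.login.failed","src_ip":"198.51.100.23","session":"b2","username":"root","password":"123456"}
{"eventid":"cowrie.login.failed","src_ip":"203.0.113.7","session":"a1","username":"admin","password":"admin"}
{"eventid":"cowrie.login.success","src_ip":"203.0.113.7","session":"a1","username":"root","password":"root"}
{"eventid":"cowrie.command.input","src_ip":"203.0.113.7","session":"a1","input":"uname -a"}
{"eventid":"cowrie.command.input","src_ip":"203.0.113.7","session":"a1","input":"whoami"}
{"eventid":"cowrie.command.inp
"""

BRUTE_FORCE_THRESHOLD = 3  # assumed cut-off: failed logins per source IP


def analyse(lines, threshold=BRUTE_FORCE_THRESHOLD):
    """Summarise Cowrie events into the findings a report would list."""
    failed, creds = Counter(), Counter()
    logged_in = {}                 # session id -> source IP after a successful login
    commands = defaultdict(list)   # session id -> commands typed after login
    skipped = 0
    for line in lines:
        try:
            event = json.loads(line)
            event_id = event["eventid"]
        except (json.JSONDecodeError, KeyError, TypeError):
            skipped += bool(line.strip())   # count damaged records, ignore blanks
            continue
        if event_id == "cowrie.login.failed":
            failed[event.get("src_ip", "unknown")] += 1
            creds[(event.get("username"), event.get("password"))] += 1
        elif event_id == "cowrie.login.success":
            logged_in[event.get("session")] = event.get("src_ip", "unknown")
        elif event_id == "cowrie.command.input" and event.get("session") in logged_in:
            commands[event["session"]].append(event.get("input", ""))
    return {
        "brute_force_sources": sorted(ip for ip, n in failed.items() if n >= threshold),
        "top_credentials": creds.most_common(3),
        "post_login_commands": {s: (logged_in[s], c) for s, c in commands.items()},
        "skipped_lines": skipped,
    }


if __name__ == "__main__":
    print(json.dumps(analyse(SAMPLE_LOG.splitlines()), indent=2))
```

The truncated last record stands in for a log line still being written when the file is read; it is counted as skipped instead of aborting the run.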
[Screenshots: six screenshot slides]
REFERENCES
[1] Y. Shan, Y. Yao, T. Zhao, and W. Yang, "NeuPot: A Neural Network-Based Honeypot
for Detecting Cyber Threats in Industrial Control Systems," in IEEE Transactions on
Industrial Informatics, vol. 19, no. 10, pp. 1-3, 2023.
[2] M. Saad, J. Spaulding, L. Njilla, C. Kamhoua, S. Shetty, D. Nyang, and D. Mohaisen,
“Exploring the Attack Surface of Blockchain: A Comprehensive Survey,” IEEE
Communications Surveys & Tutorials, vol. 22, no. 3, pp. 1977–2008, 2020.
[3] Hironori Uchibori, Katsunari Yoshioka and Kazumasa Omote, “Honeypot Method to
Lure Attackers without Holding Crypto-Assets,” Blockchain, vol. 11, pp. 2-4, 2023.
[4] L. Zobal, D. Kolar, and R. Fujdiak, “Current state of honeypots and deception
strategies in cybersecurity,” in 2019 11th International Congress on Ultra Modern
Telecommunications and Control Systems and Workshops (ICUMT), pp. 1–9, 2023.
[5] B. Rashidi, C. Fung, K. W. Hamlen, and A. Kamisinski, “Honeyv: A virtualized honeynet
system based on network softwarization,” in NOMS 2018 - 2018 IEEE/IFIP Network
Operations and Management Symposium, pp. 1–5, 2018.
[6] Z. Xia, X. Wang, X. Sun, and Q. Wang, "A Secure and Dynamic Multi-Keyword Ranked
Search Scheme over Encrypted Cloud Data" in IEEE Transactions on Parallel and
Distributed Systems, vol. 27, no. 2, pp. 9-21, 2016.
[7] M. S. Ali and M. S. Hossain, "Evaluation of Cowrie SSH/Telnet Honeypot in Detecting
and Monitoring Cyber Attacks," in IEEE Access, vol. 8, pp. 8780-8790, 2020.
[8] L. Shi, Y. Li, T. Liu, J. Liu, B. Shan, and H. Chen, “Dynamic Distributed Honeypot Based
on Blockchain,” IEEE Access, vol. 7, pp. 34–46, 2019.
