Performance analysis of network intrusion detection using T-Pot honeypots / Mohd Faris Mohd Fuzi ... [et al.]

Mohd Fuzi, Mohd Faris and Mazlan, Muhammad Fahimuddin and Jamaluddin, Muhammad Nabil Fikri and Abd Halim, Iman Hazwam (2024) Performance analysis of network intrusion detection using T-Pot honeypots / Mohd Faris Mohd Fuzi ... [et al.]. Journal of Computing Research and Innovation (JCRINN), 9 (2): 28. pp. 348-360. ISSN 2600-8793

Abstract

Honeypots have become invaluable tools in the field of cybersecurity, allowing researchers to gain insights into attacker behaviour, collect data on malicious activities, and develop effective defence strategies. Traditionally, honeypots relied on rule-based approaches or signature-based detection to identify and categorise attacks. However, with the growing complexity and diversity of cyber threats, these methods often struggle to keep pace with evolving attack techniques. Modern honeypots, such as T-Pot, have become multi-faceted systems that provide researchers with a wealth of data. They can emulate different vulnerabilities and services, thus attracting a wide array of cyberattacks. This ability to simulate real-world systems and networks allows for a detailed analysis of attack methodologies and helps to understand the evolving nature of cyber threats. As attacks became more sophisticated, so did the strategies to combat them. This included understanding the landscape of cyber threats, anticipating potential vulnerabilities, and staying ahead of the attackers. Thus, this project aims to implement a complex honeypot system with capabilities to detect and prevent cyberattacks. The project will involve designing the honeypot infrastructure, collecting data on attacks, integrating the model into the honeypot system for real-time analysis, generating reports and alerts based on the analysis, and continuously improving the system's defences. The tests revealed that honeypots can perform real cyberattacks, as well as detect and warn about threats. This project used Nmap, Hydra, and Hping3 to simulate attackers and show that the honeypot could fake network resources and attract them, which makes it a smart network intrusion detection system. The experiments produced a large amount of data on how well the honeypot could detect threats. Each test checked how well the honeypot could find threats on the network. In conclusion, these tests proved that the honeypot's methods for finding threats are correct, which means it can indeed find network breaches.

Metadata

Item Type: Article
Creators (Email / ID Num.):
Mohd Fuzi, Mohd Faris: farisfuzi@uitm.edu.my
Mazlan, Muhammad Fahimuddin: UNSPECIFIED
Jamaluddin, Muhammad Nabil Fikri: UNSPECIFIED
Abd Halim, Iman Hazwam: UNSPECIFIED
Subjects: T Technology > TK Electrical engineering. Electronics. Nuclear engineering > Telecommunication > Computer networks. General works. Traffic monitoring > Intrusion detection systems (Computer security). Computer network security. Hackers
Divisions: Universiti Teknologi MARA, Perlis > Arau Campus
Journal or Publication Title: Journal of Computing Research and Innovation (JCRINN)
UiTM Journal Collections: UiTM Journal > Journal of Computing Research and Innovation (JCRINN)
ISSN: 2600-8793
Volume: 9
Number: 2
Page Range: pp. 348-360
Keywords: Honeypot Detection, Performance Analysis, Network Intrusion, T-Pot
Date: September 2024
URI: https://ir.uitm.edu.my/id/eprint/103968