Honeypot Based Intrusion Detection System. A framework for mitigating network attacks using honeypot and real time rule accession in Intrusion Detection System

      Аннотация: The Intrusion Detection Systems (IDS) play an important role in protecting the organizations from unauthorized activities. In this dissertation work, a framework using honeypot is proposed with Real Time Rule Accession (ReTRA) capability. Honeypot is used to prevent the attack and collect attack traffic on the network. Furthermore, Apriori algorithm for association rule mining is used on the data logged by honeypot to generate rules which is added to the Snort IDS dynamically. This is different from the previous method of off-line rule base addition. The proposed IDS is efficient in detecting the attacks at the time of their occurrences even if the system was not equipped with rules to detect it. The logs generated by honeypots can grow very large in size when there is heavy attack traffic in the system, thus consuming a lot of disk space. The huge log size poses difficulty when they are processed and analyzed as they consume a lot of time and resources. The proposed system addresses these issues. The logging module for efficient capture of attack traffic saves disk space. The log analyzer processes this log to generate reports and graphs for the security administrators.

Ключевые слова: Honeypot, Snort, Apriori Association rule mining, Real Time Rule Accession (ReTRA), network security, Honeyd, Intrusion Detection System