Distributed honeypot system for analyzing attack processes and behaviors on the Internet

Abstract

The use of Internet continue to grow at a very high rate and this has alot of challenges involved in terms of network and computer security. Alot of attacks continue to emerge on a daily basis and there is a need to understand such threats/attacks for instance their origin and trend. To understand such attacks, significate data need to be collected and analyzed. In this research we look at low-interaction honeypot sensors deployed in different locations over the Internet. These honeypots are implemented using SGNET technology an initiative by the Leurrecom.org [1] honeypot by the Eurecom Institut. Collected data from all the sensors is automatically uploaded into the central database for analysis. We use tools like Maxmind, P0fv2, Nepenthes, Argos among others to carryout the analysis. Upon analyzing this data we found out attacks originate from different countries and they have a common attack partner in terms of Operating System of attackers, port sequences, code injection attacks and malware downloded.