Journal of Computing Research and Innovation (Sep 2024)
Performance Analysis of Network Intrusion Detection Using T-Pot Honeypots
Abstract
Honeypots have become invaluable tools in the field of cybersecurity, allowing researchers to gain insights into attacker behaviour, collect data on malicious activities, and develop effective defence strategies. Traditionally, honeypots relied on rule-based approaches or signature-based detection to identify and categorise attacks. However, with the growing complexity and diversity of cyber threats, these methods often struggle to keep pace with evolving attack techniques. Modern honeypots, such as T-Pot, have become multi-faceted systems that provide researchers with a wealth of data. They could emulate different vulnerabilities and services, thus attracting a wide array of cyberattacks. This ability to simulate real-world systems and networks allowed for a detailed analysis of attack methodologies and helped to understand the evolving nature of cyber threats. As attacks became more sophisticated, so did the strategies to combat them. This included understanding the landscape of cyber threats, anticipating potential vulnerabilities, and staying ahead of the attackers. Thus, this project aims to implement a complex honeypot system with capabilities to detect and prevent cyberattacks. The project will involve designing the honeypot infrastructure, collecting data on attacks, integrating the model into the honeypot system for real-time analysis, generating reports and alerts based on the analysis, and continuously improving the system's defences. The tests revealed that honeypots can perform real cyberattacks, as well as detect and warn about threats. This project used Nmap, Hydra, and Hping3 to pretend to be attackers and show that the honeypot could fake network resources and attract them, which makes it a smart network intrusion detection system. There was a lot of experimental data on how well the honeypot could find things. Each test checked how well the honeypot could find threats on the network. In conclusion, these tests proved that the honeypot's methods for finding threats are correct, which means it can indeed find network breaches.
Keywords