DocumentCode :
3764862
Title :
Malicious traffic detection in a private organizational network using honeynet system
Author :
Rupinder Kaur;Er. Sunil Nagpal;Saurabh Chamotra
Author_Institution :
Baba Farid College of Engineering and Technology, Muktsar Road, Bathinda-151001, (INDIA)
fYear :
2015
Firstpage :
1
Lastpage :
6
Abstract :
As the number of users connected to the Internet has increased manyfold, cyber attacks have become a major problem in today's world. Conventional security devices such as IDS, IPS, and firewalls are good enough to counter and log known attacks, but in the case of unknown attacks these security devices fail. As a solution to zero-day attacks, honeynets provide a proactive approach toward detection and further mitigation of these zero-day attacks. The work presented in this paper explores the possibility of using honeynets as active security devices complementing conventional security measures such as firewalls and IDS. We have used honeyd, a low-interaction honeypot, as the capturing device in the organizational network to capture the malicious data. The captured data is further characterised and segregated into three major classes: 1) legitimate traffic, 2) traffic due to system misconfiguration, and 3) traffic due to worm propagation or infection. The known malicious traffic is filtered using SNORT IDS rule sets, and malicious traffic which is not detected is used as an input to the IDS signature generation engine. From the experimental analysis, various pros and cons are brought out in this paper.
Keywords :
"Ports (Computers)","Grippers","Trojan horses","IP networks","Artificial neural networks","Storms","Floods"
Publisher :
ieee
Conference_Titel :
India Conference (INDICON), 2015 Annual IEEE
Electronic_ISBN :
2325-9418
Type :
conf
DOI :
10.1109/INDICON.2015.7443563
Filename :
7443563