Data Security Using Honey Pot System
#1

[attachment=3930]

Data Security Using Honey Pot System
INTRODUCTION OF THE PROJECT:

It is a recent concept that has been adopted by the masses for production implementation to assist in a defensive network security posture. A compromised Honey pot offers a wealth of features that can assist with intelligence data gathering, incident response for a better understanding of who the attacker is, what method the attacker used to gain access and the results of the attackerâ„¢s unauthorized attack for possible prosecution measures.
Internet security is increasing in importance as more and more business is conducted there. Yet, despite decades of research and experience, we are still unable to make secure computer systems or even measure their security. As a result, exploitation of newly discovered vulnerabilities often catches us by surprise. Exploit automation and massive global scanning for vulnerabilities enable adversaries to compromise computer systems shortly after vulnerabilities become known. We are implementing in our project in Java, based on client and server technology. We are also deployed the cryptographic procedure for maintains the security. In this concept, the alternate path selecting is main factor for eliminate the intruder in the network and also utilize the network in better manner.
EXISTING SYSTEM:

Many existing systems require manual definitions of normal and abnormal behavior (intrusion signatures). It is impossible to identify abnormalities automatically using machine learning or data mining techniques. These works analyze network or system activity logs to generate models or rules, which the system can use to detect intrusions that can potentially compromise the system integrity or reliability. However, most of the previous work on intrusion detection focuses on activities generated by a single source, resulting in many false positives and undetected intrusions. In the existing an intruder can easily enter into system and access the system. So we have to prevent this intruder entry for the security purpose.
PROPOSED SYSTEM:

The proposed system is based on the concept of a ticketing authority; The main idea of a ticketing authority is the use of issued tickets to allow clients to access network resources;
The proposed model utilizes this idea for assigning permissions to an authenticated client. The back-end server will compare the requested operation with the clientâ„¢s permissions to determine whether the requested operation is allowed. If the back-end server finds a discrepancy between permissions and requested operations, the back-end server will transfer the packet to the deployed honey pot for filtration.
HARDWARE AND SOFTWARE REQUIREMENTS:

Hardware requirements:
# Processor : Pentium III
# Clock speed : 550MHz
# Hard Disk : 20GB
# RAM : 128MB
# Cache Memory : 512KB
# Operating System : windows Xp
# Monitor : Color Monitor
# Keyboard : 104Keys
# Mouse : 3Buttons
Software requirements:
# Front End : JAVA 1.5
# Back End : MS-ACESS.
OVERALL BLOCK DIAGRAM:
MODULES:
Client module
Front-end Server
Authentication Server
Router
Back-end Server
Honey Pot Server
.
Client Module:

In this module, the client sends the query to the server. Based on the query the server send the corresponding file to the client. Before this process, the client authorization step is involved. In the server side, it checks the client name and its password for security process. If it is satisfied and then received the queries form the client and search the corresponding files in the database. Finally, find that file and send to the client. If the server finds the intruder means, it set the alternative path to those intruders.
Front-End Server:

The front-end server (SF) is responsible for forwarding client requests to the router for processing. The existence of masquerading router is transparent to the client and even Front-end Server. The only load upon Front-end server is to forward the client packet to the router and if the request involves back-end computation and to connect to AS to authenticate the client as a legitimate user. This basically involves forwarding the client request to the AS and accepting the client request or denying the client request based on the AS response contained in the reply message.
Authentication Server:

The Authentication Server (AS) functions as any AS would with a few additional behaviors added to the typical client-authentication protocol. The first addition is the sending of the client authentication information to the masquerading router. The AS in this model also functions as a ticketing authority, controlling permissions on the application network. The other optional function that should be supported by the AS is the updating of client lists, causing a reduction in authentication time or even the removal of the client as a valid client depending upon the request;
Router:

The masquerading router is responsible for handling the clients destined to the back-end server and deciding which client is legitimate and which client should be deflected to the honey pot. The masquerading router is the only entity on the network that can automatically distinguish between the true back-end server and the honeypot. It verify the key of each client, based on the key forward them to either the true back-end server or the honeypot. It is therefore suggested that the communication between the back-end server, the honeypot.
Honey-pot Server:

The honeypot server is charged with handling illegitimate client from either an external source or a misbehaving insider. The honeypot is a simulated production environment that can perform an imitation of as small or broad functionality as required. Its messages are handled in the same way as the back-end server messages. The standard request and reply messages are processed by the honeypot without any change. The benefit of this system comes in the fact that honeypot messages are sent to the application network along with the back-end server messages. A client has no way to discern whether the message is being sent from the legitimate back-end or the honeypot. This makes the honeypot undetectable and unavoidable unless the attacker can authenticate as a legitimate client.
Back-End Server:

The back-end server handles request and reply messages normally used in the security system; It provides the functionality for the more complex operations. The client information is not stored within the back-end server. Instead, permissions are assigned to accessed objects or queries and compared to the permissions assigned to the client to test whether the client is able to legitimately access the desired information. The indirection between the client and the back-end server is therefore kept confidential via use of the masquerading router, so that the back-end server is much more insulated from corruption by the malicious user.
OVERALL DATA FLOW DIAGRAM:
FLOW CHART:
OVERVIEW OF THE PROJECT:

In order to suppress malicious attacks against a back-end server, this paper proposes a network model that allows for isolation from unauthorized traffic, blacklisting of misbehaving clients, and limitation on the effectiveness of back-end DoS attacks. These objectives are accomplished by using four components within a network labeled i through iv. The first of these is the (i) back-end server itself that manages the sensitive data and operations of a web application. The overhead required of the back-end server is consistent with any Role-Based Access Control (RBAC) system in which the server must simply compare the permissions of a client with the request to access a certain resource or perform a specific operation; the only change to this system is the handling of an unauthorized request. This back-end server is isolated from the network by a separate connection to a (ii) masquerading router; this is a router that performs its function in a specialized way and changes all IP and MAC entries on packets exiting the router to the current values for the router itself. In effect, this router functions as a blinder to any traffic sent through its other network connections; this is assumed to occur only on packets destined to the network on which the back-end server is supposed to reside. This layer of indirection prevents the discovery of the actual MAC address of the back-end serverâ„¢s network card.
This indirection facilitates the decision process of the masquerading router to allow traffic to pass to the back-end server or deny it. This will protect the backend server from unauthorized traffic, but further measures can be taken to improve the security of the network. To that end, a (iii) honeypot should be deployed on the separate network connected by the masquerading router; a honeypot is a decoy system used to attract attack traffic for intrusion detection and analysis. More details of honeypots are provided. The router can then decide whether traffic is legitimate or not and re-transmit it to either the attached back-end server or to the attached honeypot. Since the router masquerades as the back-end server, any communication traffic out of the honeypot will also appear to be from the masquerading router and hence appear to be from the back-end server, blinding attackers to the fact that they are in reality communicating with a honeypot.
The problem remains of deciding which traffic is legitimate. Therefore, the final component necessary for this model is an (iv) Authentication Server (AS). This server has the responsibility of authenticating legitimate clients and allowing them to utilize the sensitive information on the network via a connection to the front-end servers. This is the standard function of an AS with the additional responsibility of assigning tickets based on client permissions for use by the backend server. As part of each clientâ„¢s authentication, the ID and the IP address of the client are forwarded to the masquerading router for storage in its routing table. Therefore, the masquerading router will be able to determine which traffic originated from legitimate clients and which traffic has been inserted into the network or sent through a front-end server by an unauthenticated client.
ARCHITECTURAL DESIGN OF THE PROJECT:

The network components required for the proposed. SB is the back-end server containing sensitive data. H is the deployed honeypot for SB. Rm s the masquerading router forwarding traffic to and from H and SB, acting as a single location on the application network. SF is the front-end server connecting directly to client C through the trust boundary (in this case the firewall). AS is the authentication server (trusted).The firewall is detected between the client and server, based on the queries sent the firewall is justified. The Front-End server connects to the authentication server where authentication is only for prescribed users entering the network rather than unauthorized access. The authentication server connects to the masquerading router which decides whether the prescribed information depends on the user is to be sent to the back-end server or honeypot.
SYSTEM TESTING:
Integration Testing:

A neophyte in the software world might ask a seemingly legitimate question once all modules have been unit test. If they all work individually, why do you doubt that theyâ„¢ll work when we put them together The problem, of course, is putting them together - interfacing. Data can be lost across, as sub-functions, when combined, may not produce the desired major function, individually imprecision may be magnified to unacceptable levels, and global data structures can present problems.
Integration testing is a systematic technique for constructing the program structure while at the same time conducting tests to uncover errors associated with interfacing. The objective is to take unit - tested modules and build a program structure that has been dictated by design.
There is often a tendency to attempt non-increments integration; that is to construct the program using a Big Band approach. All modules are combined in advance. The entire program is tested as a whole and chaos usually results. Set of errors are encountered. Correction is difficult because the isolation of causes is complicated by the vast expense to the entire program. Once these errors are corrected, new ones appear and the process continues in a seemingly endless loop.
Incremental integration is the antithesis of the big bang approach. The program is constructed and tested in small segments, where errors are easier to isolate and correct; interfaces are more likely to be tested completely, and a systematic test approach may be applied.
Testing
Testing phase forms an important part of Software development. It is the process of finding the errors and missing operations and also a complete verification to determine whether the objectives are met and the user requirements are satisfied.
Test Plan

The test-case designer not only has to consider the white and black box test cases, but also the timing of the data and the parallelism of the tasks that handle the data. In many situations, test data provided when a real system is in one state will result in proper processing, while the same data provided when the system is in a different state may lead to error.
The intimate relationship that exists between real-time software and its hardware environment can cause testing problems. Software tests must consider the impact of hardware faults of software processing. Step strategy for real-time systems is proposed.
The first step in the testing of real-time software is to test each task independently (i.e.), the white and black box tests are designed and executed for each task. Each task is executed independently during these tests. The task testing uncovers errors in logic and functions, but will not uncover timing or behavioral errors.
Behavioral Testing

Using system models created with CASE tools, it is possible to simulate the behavior of a real - time system and examine its behavior as a consequence of external events. Using a technique that is similar to equivalence partitioning, events are categorized for testing. Each of these events are tested individually and the behavior of the executable system is examined to detect errors that occur as a consequence of processing associated with these events. Once, each class of events are tested. Events are presented to the system in random order and with random frequency.
Inter Task Testing

Once, the errors in individual tasks and in system behavior have been isolated, testing shifts to time-related errors. The asynchronous tasks that are known to communicate with one another are tested with different data rates and processing load to determine in inter mask synchronization errors with occur.
Validation Testing

At the culmination of integration testing, software is completely assembled as a package, interfacing errors have been uncovered and corrected, and a final series of software tests “ validation testing may begin. Validation can be defined in many ways, but a simple definition is that validation succeeded when the software functions in a manner that can be reasonably expected by the enquiry. At this point a battle hardened software developer might protect. Reasonable expectations are defined in the Software Requirement Specification a document that describes all user-visible attributes of the software. The specification contains a section called Validation criteria. Information contained in that section forms the basis for a validation testing approach.
Software validation is achieved through a series of black box tests that demonstrate conformity with requirements. A test plan outlines the classes of tests to be conducted and a test procedure defines specific test cases that will be used to demonstrate conformity with requirements. Both the plan and the procedure are designed to ensure that all functional requirements are satisfied, all performance requirements are achieved, that all functional requirements are satisfied, all performance requirements are achieved, documentation is correct and human engineered, and other requirements are met. The other requirements are transportability, compatibility error recovery, maintainability etc. After each validation test has been conducted, one of two possible conditions exists.
a) The function or performance characteristics conform to specification and are accepted.
b) A deviation from specification is uncovered and a deficiency list is created.
System Testing

The system testing is actually series of different tests whose primary purpose is to fully exercise the computer base system. It is divided into the following
Recovery Testing

The recovery testing is a system testing that forces the software to fail in a variety of ways and verifies that the recovery is properly performed. While running this software, if there is no proper connection to the backend, error message will be fired and on debugging this error could be detected and rectified.
Security Testing

The security testing is done to verify the protection mechanisms built in, to avoid improper penetration. Database security is ensured by means of restricting the update / delete and insert options and giving only read rights to the users. The XML Query processing is secured through the User id and Password. Access rights are given to the users. The programs verify these rights. If the user has the rights, then manipulations are allowed, otherwise the program generates an error message and quits the system.
Reply
#2
Hello,

I need help..
My project topic network security using honypot server..But i don't know that which type of packages are used in java for Network Security..Please help me
Hello,

My project topic is network security using honypot,but i don't how to implement it using java and which type of packages are used for that..plz help me..
Reply
#3
to get information about the topic data security full report ,ppt and related topic refer the page link bellow

http://studentbank.in/report-data-securi...anr-report

http://studentbank.in/report-data-securi...ars-report

http://studentbank.in/report-optical-disc-data-security

http://studentbank.in/report-data-securi...-firewalls

http://studentbank.in/report-three-dimen...a-security

http://studentbank.in/report-data-securi...pot-system

http://studentbank.in/report-data-securi...ort?page=2

http://studentbank.in/report-data-securi...ull-report

http://studentbank.in/report-data-securi...lls?page=2
Reply
#4
presented by:
M.AMULYA

[attachment=9014]
NETWORK SECURITY USING HONEYPOTS
ABSTRACT

Honeypots are an exciting new technology. They allow us to turn the tables on the bad guys. In the past several years there has been growing interest in exactly what this technology is and how it works.
A honeypot is used in the area of computer and Internet security. It is a resource, which is intended to be attacked and computerized to gain more information about the attacker, and used tools. One goal of this paper is to show the possibilities of honeypots and their use in research as well as productive environment.
Compared to an intrusion detection system, honeypots have the big advantage that they do not generate false alerts as each observed traffic is suspicious, because no productive components are running in the system.
INTRODUCTION:
Global communication is getting more important everyday. At the same time, computer crimes increasing. countermeasures are developed to detect or prevent attacks-most of these measurers are based on known facts, known attack patterns. As in the military, it is important to know, who your enemy is, what kind of strategy he uses, what tools he utilizes and what he is aiming for. Gathering this kind of information is not easy but important. By knowing attack strategies, countermeasures can be improved and vulnerabilities can be fixed. To gather as much information as possible is one main goal of honeypot.
A honeypot is primarily an instrument for the information gathering and learning. Its primary purpose is not to be ambush for the blackhat community to catch them in action and to press charges against them. The lies on silent collection of as much information as possible about their attack patterns, used programs, purpose of attack and blackhat community itself. All this information is used to learn more about the blackhat proceedings and motives as well as their technical knowledge and abilities. This is just primary purpose if honeypot. There are a lot of other possibilities for a honeypot-divert hackers form productive systems for catch a hacker while conducting an attack are just two possible examples.
Honeypots are not the perfect solution for solving or preventing computer crimes. Honeypots are hard to maintain and they need the good knowledge about the operating systems and network security. In the right hands honeypot is effective tool for the information gathering. In the wrong, unexperienced hands, a honeypot can become another infiltrated machine and an instrument for the black hat community.
HONEYPOT BASICS:
A honeypot is a resource whose value is being in attacked and compromised. This means, that a honeypot is expected to get probed, attacked and potentially exploited.
Honeypot do not fix anything. They provide us additional, valuable information.
A honeypot is a resource, which pretends to be real target. A honeypot is expected to be attacked or compromised. The main goals are the distraction of an attacker and the gain of the information about the attack and the attacker.
Value of honeypots:
There are two categories of honeypots.
 Production honeypots
 Research honeypots
A production honeypot is used to help migrate risk in an organization while the second category, is meant to gather as much information as possible. These honeypots do not add any security value to an oraganition, but they can help to understand the blackhat community and their attacks as well as to build some better defenses against security threats. A properly constructed honeypot is put on a network, which closely monitors the traffic to and from the honeypot. This data can be used for a variety of purposes.
 Forensicsanalyzing new attacks and exploits
 Trend analysislook for changes over time of types of attacks,techniques,etc
 Identificationtrack the bad guys back to their home machines to figure out who they are.
 Sociologylearn about the bad guys as a group by snooping on email,IRC traffic,etc which happens to traverse the honeypot.
In general every traffic from and to a honeypot is unauthorized activity. All the data that is collected by a honeypot is therefore interested data. Data collected by the honeypot is of high value, and can lead to better understanding and knowledge which in turn can help to increase overall network security. One can also argue that a honeypot can be used for prevention because it can deter attackers from attacking other systems by occupying them long enough and bind their resources.
Reply
#5
to get information about the topic Data Security Using Honeypot full report, ppt and related topic refer the page link bellow

http://studentbank.in/report-data-securi...pot-system

http://studentbank.in/report-data-securi...4#pid37714

http://studentbank.in/report-honeypots-s...ort?page=3

http://studentbank.in/report-honey-pot--2657

http://studentbank.in/report-honeypots-seminars-report

Reply
#6

hello,
plz tell me how find unusedIP(darkip)using honey pot.
my project is Darknet Monitoring using Honeypot plz help me how to implement it.
Reply

Important Note..!

If you are not satisfied with above reply ,..Please

ASK HERE

So that we will collect data for you and will made reply to the request....OR try below "QUICK REPLY" box to add a reply to this page
Tagged Pages: introduction to data security using honey pot system, data security using honey pot system,
Popular Searches: implementation of honey tokens, honey pots in network security abstract, seminar on honey pots, glycol seal pot function, technical seminar honey comb, preparation of coconut honey from matured coconut water pdf, ppt presentation on honey bee algorithm,

[-]
Quick Reply
Message
Type your reply to this message here.

Image Verification
Please enter the text contained within the image into the text box below it. This process is used to prevent automated spam bots.
Image Verification
(case insensitive)

Possibly Related Threads...
Thread Author Replies Views Last Post
  A Link-Based Cluster Ensemble Approach for Categorical Data Clustering 1 1,078 16-02-2017, 10:51 AM
Last Post: jaseela123d
  Cloud Computing Security: From Single to Multi-Clouds 1 827 14-02-2017, 04:56 PM
Last Post: jaseela123d
  Exploiting the Functional and Taxonomic Structure of Genomic Data by Probabilistic To 1 762 14-02-2017, 04:15 PM
Last Post: jaseela123d
  Security Analysis of the SASI Protocol computer science topics 2 1,961 21-06-2016, 10:30 PM
Last Post: Guest
  Remote Server Monitoring System For Corporate Data Centers smart paper boy 3 2,822 28-03-2016, 02:51 PM
Last Post: dhanabhagya
  Secured Data Hiding and Extractions Using BPCS project report helper 4 3,657 04-02-2016, 12:52 PM
Last Post: seminar report asees
  Data Hiding in Binary Images for Authentication & Annotation project topics 2 1,825 06-11-2015, 02:27 PM
Last Post: seminar report asees
  DATA LEAKAGE DETECTION project topics 16 13,062 31-07-2015, 02:59 PM
Last Post: seminar report asees
  INTELLECTUAL INFORMATION SYSTEM USING GPS+GSM smart paper boy 3 1,999 10-04-2015, 09:52 AM
Last Post: seminar report asees
  Security system using IP camera mechanical engineering crazy 5 4,354 16-03-2015, 02:52 PM
Last Post: seminar report asees

Forum Jump: