Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Abstract. A honeypot is a security system designed for and exploit weaknesses in an IT system.
to detect and counteract unauthorized access or use Compared to an intrusion detection system,
of a computer system. The name "honeypot" is used honeypots have the upper hand that they do not
in reference to the way the system traps generate false alerts as each observed traffic is
unauthorized users, such as hackers or spammers suspicious, because there is no productive
so they can be identified and prevented from components running on the system under scanner.
causing further problems. Honeypots are different This easily enables the system to log every byte that
than typical security solutions because they flows through the network to and from the
intentionally lure in hackers or users with malicious honeypot, and to compare and check this
intent. For example, a company may purposely information from other known sources to get a
create a security hole in their network that hackers picture of an attack and the attacker.
could exploit to gain access to a computer system. In system security, honeypots are used to gain
The system might contain fake data that would be of knowledge of the assailants, their methods from
interest to hackers. By gaining access to the data, their assaults and after that change and reorganize
the hacker might reveal identifying information, the framework to strengthen up the security. The
such as an IP address, geographical location, escape clauses of the system security can be secured
computer platform and other data. This information with the assistance of data given by honeypots.
can be used to increase security against the hacker Honeypot can be figured as a framework used on a
and similar users. system for finding out the vulnerabilities of a PC or
the entire system. The escape clauses can be
Keywords: Intrusion detection system, honeypots, checked as a whole or separately of any framework,
attacker, security. as it is a selective system to learn about the
assailants and their assault methods used on the
I. system[2].
INTRODUCTION
A honeypot is used in computer and network
security fields. It can be considered as a service or a II.
resource which is intended to be attacked and CLASSIFICATION OF HONEYPOTS
compromised to gain more information about the Honeypots are regarded as virtual machines
attacker and their methods and tools used for the which acts like a genuine PC or network
breach. It can also be deployed to attract the framework. Honeypots can be classified into taking
attacker and divert his action away from real after classes on their utilization:
targets[1]. Research honeypots: These honeypots are
The idea of honeypots was mainly circulated by used mainly for observing and are utilized to
Lance Spitzner through his honeynets project. obtain data and watch the black-hat society.
According to Lance Spitzner, a honeypot is a The information picked up by the specialists
system designed to learn how “black-hats” probe are utilized for the early notices, judgment
of assaults, improve the interruption Honeynets: Honeynets can be described
discovery frameworks and outlining better to be a collection of at least two
devices for security. honeypots. A honeynet is used when
there is a need to observe a bigger or
Production honeypots: These honeypots potentially more complicated system in
are deployed by the enterprises as an which one honeypot won’t be successful.
addition to system security’s frame. These Honeynets and honeypots are normally
honeypots fill in as early alerting executed as parts of bigger system
frameworks. The purpose of these honeypots interruption recognition frameworks. A
is to expel the dangers in enterprises. It honeyfarm is a concentrated collection
gives the data to the administrator in charge of honeypots and similar investigation
before the genuine assault[2]. apparatuses.