Collection and Analysis of Attackers Data using Honeynet

Abstract

Honey pots and honey nets are secure unconventional tools to study techniques, methods, tools, and goals of attackers. Therefore, data analysis is an important part of honey pots and honey nets. Honey pots are devices deployed specifically to be a resource for the attack or compromising. Honeynets are deployed to collect information, namely the tools and tactics and motivations of the hacker’s community, and then this information is used to protect the organizations from different threats. This research aims to study the most frequent, new and automated attacks, moreover the behavior of the malicious attackers is analyzed as soon as they got manage to access a new host. Virtual honey net is implemented in order to capture the whole activities of the attackers. The collected data is analyzing using Wireshark in order to get massive information about hackers. In addition to this, the research explains a secure method to transfer collected data from honey pots to be Analyzed. Results were analyzed attacks targeting our honeynet over a period of 60 days, which made it obviously for us to know: Attacked/Probed ports and services, Attacker IP's, OS used in every packet that were captured, Packet length, format, and time.