
Project Dissertation: Next Generation Cybertrap

   

Added on  2019-10-18

56 Pages | 12775 Words | 162 Views
Project Dissertation
Title: Next-Generation Cybertrap for Corporate Intrusion Detection Servers and Intrusion Prevention Servers in Enterprise Business
TABLE OF CONTENTS

INTRODUCTION
    Aim and Objectives
    Background and motivation
    Problem
    Proposed solution
    Structure of thesis
    Summary
LITERATURE REVIEW
TECHNOLOGY
APPROACH
DESIGN
IMPLEMENTATION
CONCLUSION
REFERENCES
ABSTRACT

Next Generation Intrusion Prevention Systems are also termed Intrusion Detection & Prevention Systems (IDPS). The Next Generation Cyber trap for corporate intrusion detection servers and intrusion prevention servers in enterprise business consists of different network security applications which monitor the network and suspicious activities in the system. This system will protect the corporate from default attacks through to new attacks, and it also controls the system and protects it from cyber threats. The expertise of the next-generation intrusion prevention system helps to protect sensitive data, information and applications from cyber threats and to manage the performance of the system. Our project is mainly focused on explaining the different mitigation methodologies or techniques used by corporates for storing information and data that is going to be used in the network system; these are discussed further in the paper. In this type of mitigation plan, attackers are not able to penetrate the system from inside or from outside, so that it is fully secured. After implementing this system in the corporate, we will be able to find the types of attacks and methods used by the attackers, so that we can easily install that technology in our system to protect information and data against different types of cyber threats.
CHAPTER 1
INTRODUCTION

1. INTRODUCTION

Cyber Trap has become a trendsetting term among the growing generation that works heavily on the internet. It is most familiar to corporate companies, which come across such problems on a day-to-day basis. They run their processes on the internet, which makes their work easier and instant. Believing in this, their staff collect data from the internet without being aware of the problems that will affect them later. Because of this access to the internet, the hidden side of the internet runs wild and gains a lot of profit by locating and targeting small corporate companies, because they do not maintain high security on the internet. Yet these companies believe that they have strong security connections, so that no one could enter the area and access the data. That belief is completely wrong, because Cyber trap is a huge background trap that takes the data out of their site with little effort. Those behind it are otherwise called attackers of corporates, who enjoy trapping and extracting data to the greatest extent (Anita, K. et al., 2010).

According to a recent survey, 96% of business people are fooled by the Cyber Trap method. To know what was happening, the company brought out an idea to detect the attacks made by internet users. Then there emerged a processor called the honeypot for malware capture, which is placed in a corner of a network to capture the attackers. The proposed system is capable of detecting network attacks on significant resources and of capturing the malware being spread in the network. This system consists of various modules that monitor the system after learning and understanding the basics from human interaction. During the initial process of the detectors, they learn about the signature and
the behaviour of the malware. Later they are fed with modern executables and binaries, which makes them capable of finding the malware that harms the computing network. This package checks for malicious matches to find the harmful material (Anita, K. et al., 2010).

Then the cyber trap comes into play: the Intrusion Detection module, which acts more effectively, watches for chances of intrusion. When an attack is made, it raises an alarm and initiates the creation of a honeypot that will be a replica of the victim resource. All the services that were running on the victim machine will be faked in the honeypot, to which the attacker is redirected. The IDS takes care that the redirection is not found out by the attacker. This additional feature gives the intrusion detection module much of its appeal. It also provides a sandbox, so that the operation of the original resources is not harmed and the records are maintained in a safe manner. Alongside comes an automated honeypot management system which manages such critical circumstances. Every process has a design that runs from the initial to the final stages. This design is made up of five different modules, namely the Malware detector, Intrusion detector, Honeypot Manager, Auditor and Backup manager (Asmaa Shaker Ashoor, et al., 2012).

To learn about the attackers, the inventors had different plans for attracting attackers towards their honeypots. To make this happen, they set their trap by making the server a most-requested and high-ranking one, which will lure more attackers. Meanwhile, the initial stage, the Malware detector, checks for incoming threats, whereas the other modules do not come into play unless they are needed. The honeypot manager creates the honeypots for the attackers detected at the server, then the Auditor checks the system and the generated logs for any malicious activity after particular events; next comes
the Backup manager, which is in charge of backing up the resources and honeypots whenever necessary (Asmaa Shaker Ashoor, et al., 2012).

Malware Detector

The malware detector works in collaboration and runs independently on the internet to detect and capture any malware in the network. This module consists of various functions that search for malware in different ways and later submit the results to the server for further research. The module has 3 types, named fetcher, watcher and hunter. The fetcher is a service which does cross-matching to catch any malicious files. The watcher watches the network for any harmful file to capture. The hunter is a pre-processor which extracts Windows binaries that come into the network and checks them for unwanted harmful files (Deris Stiawan et al., 2011).

Intrusion detector

The intrusion detector is similar to the hunter in that it is a pre-processor, and it controls the calling of the other modules. Whenever there is an intrusion, the intrusion detector detects it, raises an alert and calls other modules only if necessary. The intrusion detector module has a function for log parsing, which keeps its eyes on the log for intrusion attempts. In this case too, if harm is detected an alarm is sent to the administrator. The module looks for harm; if any is detected, it connects with the honeypot module to create a honeypot and deal further with the attacker (Deris Stiawan et al., 2011).
Honeypot Manager

One of the important modules is the honeypot manager, which creates a honeypot to locate the threats. Its main function is to create a honeypot that draws out the threats, using information fetched from the intrusion detector. This module provides a sandbox feature so that the attacker can play inside the honeypot without interrupting the original resources (Deris Stiawan et al., 2011).

Auditor

The auditor module collects all the data connecting to the network to check for intrusion or network changes. It checks for all changes, which should be sent to the Honeypot manager so that it is able to create an exact replica of the damaged data (Deris Stiawan et al., 2011).

Backup Manager

As its name indicates, the function of the Backup manager is to keep a backup of the resources and the honeypots. This module takes regular backups and is always ready to provide a replica of the resources and honeypots, to allow restoration in case of any sudden events. It is also capable of recreating a honeypot which was previously attacked by the attacker. If, instead of a clean honeypot, an attacker gets a resource with plenty in it, he may tend to leave some traces, as the attacker will be keen on taking out the data and will not recognise that he is playing with a honeypot, which makes it easy to find the attacker. The Honeypot manager too contains the backup of the resource (Deris Stiawan et al., 2011).
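The intrusion detector's log-parsing function and its hand-off to the honeypot manager, described above, can be sketched as follows. This is an added example, not code from the dissertation: the sshd-style log lines are constructed, and the threshold, the HoneypotManager class and its create_replica method are hypothetical names that only record the decoy that would be built.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sshd-style log lines (documentation IP ranges), not from the dissertation.
SAMPLE_LOG = """\
Oct 18 10:00:01 web01 sshd[811]: Failed password for root from 203.0.113.7 port 4021 ssh2
Oct 18 10:00:03 web01 sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 4022 ssh2
Oct 18 10:00:04 web01 sshd[812]: Accepted password for alice from 198.51.100.20 port 5100 ssh2
Oct 18 10:00:05 web01 sshd[813]: Failed password for bob from 198.51.100.9 port 5200 ssh2
Oct 18 10:00:06 web01 sshd[811]: Failed password for root from 203.0.113.7 port 4023 ssh2
Oct 18 10:00:08 web01 sshd[811]: Failed password for root from 203.0.113.7 port 4024 ssh2
"""
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<src>\S+) port"
)
THRESHOLD = 3  # assumed: failed logins per source before the detector alerts

@dataclass
class HoneypotManager:
    """Hypothetical stand-in: records the decoy it would build, nothing is deployed."""
    inventory: dict  # victim host -> services running on it (assumed input)
    decoys: list = field(default_factory=list)

    def create_replica(self, victim, attacker):
        # The honeypot fakes every service of the victim resource.
        spec = {"replica_of": victim,
                "services": list(self.inventory.get(victim, [])),
                "redirect_source": attacker}
        self.decoys.append(spec)
        return spec

def detect(log_text, manager, threshold=THRESHOLD):
    """Parse the log, alert the administrator once per source, call the manager."""
    failures, alerts = defaultdict(int), []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # not an intrusion attempt; other modules stay idle
        key = (m["src"], m["host"])
        failures[key] += 1
        if failures[key] == threshold:  # fires exactly once per (source, host)
            alerts.append(f"ALERT {m['ts']} {key[1]}: {threshold} failed logins from {key[0]}")
            manager.create_replica(victim=key[1], attacker=key[0])
    return alerts
```

Calling detect(SAMPLE_LOG, HoneypotManager(inventory={"web01": ["ssh", "http"]})) yields one alert for 203.0.113.7 and one decoy specification; the single failure from 198.51.100.9 stays below the threshold, so no honeypot is requested for it.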
1.2 INTRUSION PREVENTION SERVER

Intrusion prevention is similar to intrusion detection, in which an intrusion is detected and taken out, but intrusion prevention is the more advanced level: it prevents attackers from entering the network, which is much required by every corporate company that maintains its most valuable and important data in the network. An exploit may be carried out an instant after the attackers gain access, whereas the intrusion prevention detector has the ability to take quick action on it based on rules framed by the administrator. An effective intrusion detector should perform very complex monitoring and analysis, such as watching activity and responding to administrator patterns and individual patterns. To be factual, an Intrusion Prevention System should use any product or method that keeps attackers from compromising the network, using concepts like firewalls and anti-virus software.

1.3 FIREWALL

A firewall is an internet security measure which controls the incoming and outgoing signals in the networking server. Network firewalls filter the traffic between the signals and run on computer hardware. Mostly, a firewall is installed away from the remaining network so that no illegal signals enter the private sector of the company.

The firewall has three layers which protect the data from being attacked.
1. Packet filters firewall
2. Stateful filters firewall
3. Application layer firewall