Project Dissertation | Next-Generation Cybertrap

Added on - 17 Oct 2019

Showing pages 1 to 8 of 57 pages
Project Dissertation

Title: Next-Generation Cybertrap for Corporate Intrusion Detection Servers and Intrusion Prevention Servers in Enterprise Business.

TABLE OF CONTENTS

INTRODUCTION
    Aim and Objectives
    Background and motivation
    Problem
    Proposed solution
    Structure of thesis
    Summary
LITERATURE REVIEW
TECHNOLOGY
APPROACH
DESIGN
IMPLEMENTATION
CONCLUSION
REFERENCES

ABSTRACT

Next Generation Intrusion Prevention Systems are also termed Intrusion Detection & Prevention Systems (IDPS). The Next-Generation Cybertrap for corporate intrusion detection servers and intrusion prevention servers in enterprise business consists of different network security applications that monitor the network and suspicious activities in the system. The system protects the corporation against everything from default attacks to new attacks, and it also controls the system and guards it against cyber threats. The expertise built into a next-generation intrusion prevention system helps to protect sensitive data, information and applications from cyber threats and to manage the performance of the system. Our project mainly focuses on explaining the different mitigation methodologies and techniques that corporations use for storing the information and data used in the network system, which the rest of this paper discusses in more detail. With this type of mitigation plan, attackers are not able to penetrate the system from inside or outside, so it is fully secured. After implementing this system in the corporation, we will be able to identify the types of attacks and the methods used by attackers, so that we can readily install the corresponding technology in our system to protect information and data against different types of cyber threats.

CHAPTER 1

INTRODUCTION

1. INTRODUCTION

Cyber trap has become a trendsetting term among the growing generation that works heavily on the internet. It is especially familiar to corporate companies, which run into such problems on a day-to-day basis. They carry out their processes on the internet because doing so makes their work easier and faster. Trusting in this, their staff collect data from the internet without being aware of the problems that will affect them later. Because of this internet access, the hidden side of the internet thrives and profits by locating and targeting small corporate companies, which do not maintain strong security on the internet. These companies nevertheless believe that their security is strong enough that no one can enter their environment and access the data. That belief is completely wrong, because a cyber trap is a large trap working in the background that takes data out of their site with little effort. Those who set it are otherwise known as corporate attackers, who take pleasure in trapping companies and extracting as much data as possible (Anita, K. et al., 2010).

According to a recent survey, 96% of business people are fooled by the cyber trap method. To understand what was happening, companies developed the idea of detecting the attacks made by internet users. Honeypots then emerged: systems placed in a corner of a network to capture malware and attackers. The proposed system is capable of detecting network attacks on significant resources and of capturing malware that is spreading in the network. It consists of various modules that monitor the system after learning the basics from human interaction. During their initial phase, the detectors learn the signature and behaviour of malware. They are later fed modern executables and binaries, which makes them capable of finding the malware that harms the computing network. This package checks for malicious matches to find harmful material (Anita, K. et al., 2010).

The cyber trap then comes into play through its Intrusion Detection module, which works more effectively by watching for intrusion attempts. When an attack is made, the module raises an alert that leads to the creation of a honeypot replicating the victim resource. All the services that were running on the victim machine are faked in the honeypot, and the attacker is redirected to it. The IDS takes care that the attacker does not discover the redirection, and this additional feature is what distinguishes the intrusion detection module. The system also provides a sandbox, which keeps the attacker's activity from harming the operation of the original resources and keeps the records safe. An automated honeypot management system handles these critical circumstances. Every process has a design that runs from the initial to the final stage. This design is made up of five modules: Malware Detector, Intrusion Detector, Honeypot Manager, Auditor and Backup Manager (Asmaa Shaker Ashoor et al., 2012).

To learn about attackers, the designers planned different methods of attracting them to their honeypots. They built the trap by making the server a highly requested and highly ranked one, which lures more attackers. Meanwhile the initial stage, the Malware Detector, checks for incoming threats, whereas the other modules do not come into play unless they are needed.
The Honeypot Manager creates the honeypots for the attackers detected on the server. The Auditor then checks the system, and the logs generated after particular events, for any malicious activity. Next comes the Backup Manager, which is in charge of backing up the resources and honeypots whenever necessary (Asmaa Shaker Ashoor et al., 2012).

Malware Detector

The malware detector works collaboratively yet runs independently on the internet to detect and capture any malware in the network. The module consists of various functions that search for malware in different ways and later submit the results to the server for further research. It has three types, named fetcher, watcher and hunter. The fetcher is a service that performs cross-matching to catch malicious files. The watcher watches the network for harmful files to capture. The hunter is a pre-processor that extracts Windows binaries entering the network and checks them for unwanted harmful files (Deris Stiawan et al., 2011).

Intrusion detector

The intrusion detector is similar to the hunter: it is a pre-processor, and it controls the calling of the other modules. Whenever there is an intrusion, the intrusion detector detects it, sends out an alert and calls other modules only if necessary. The module has a log-parsing function that watches the logs for intrusion attempts; here too, if harm is detected, an alarm is sent to the administrator. When the module detects harm, it connects to the honeypot module to create a honeypot and deal further with the attacker (Deris Stiawan et al., 2011).
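
The log-parsing path described for the intrusion detector, as an added example that is not code from the dissertation: failed-login lines are counted per source, and on reaching a threshold the detector raises an alert and asks the honeypot module for a replica of the victim's services. The sshd log format, the threshold of 3, the `HoneypotManager` class and the sample log lines are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sshd-style log lines (sample data, not from the dissertation).
SAMPLE_LOG = """\
Oct 17 10:01:02 web01 sshd[811]: Failed password for root from 203.0.113.7 port 40122 ssh2
Oct 17 10:01:04 web01 sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40123 ssh2
Oct 17 10:01:05 web01 sshd[812]: Failed password for alice from 198.51.100.9 port 51000 ssh2
Oct 17 10:01:09 web01 sshd[812]: Accepted password for alice from 198.51.100.9 port 51000 ssh2
Oct 17 10:01:10 web01 cron[90]: (root) CMD (run-parts /etc/cron.hourly)
Oct 17 10:01:11 web01 sshd[811]: Failed password for root from 203.0.113.7 port 40124 ssh2
Oct 17 10:01:12 web01 sshd[811]: Failed password for root from 203.0.113.7 port 40125 ssh2
"""

FAILED = re.compile(r"^\w{3}\s+\d+ [\d:]+ (?P<host>\S+) sshd\[\d+\]: Failed password "
                    r"for (?:invalid user )?\S+ from (?P<src>\S+) port \d+")
THRESHOLD = 3  # assumed alert threshold; the dissertation does not give one

class HoneypotManager:
    """Hypothetical stand-in: records the replica to build, deploys nothing."""
    def __init__(self, inventory):
        self.inventory = inventory  # victim host -> services running on it
        self.honeypots = {}

    def create(self, victim, attacker):
        # The replica fakes every service of the victim resource.
        spec = {"replica_of": victim, "redirect_src": attacker,
                "services": list(self.inventory.get(victim, []))}
        self.honeypots[(victim, attacker)] = spec
        return spec

def detect(log_text, manager, threshold=THRESHOLD):
    """Return one alert per (source, victim) pair that reaches the threshold."""
    counts, alerts = Counter(), []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m is None:
            continue  # other daemons and successful logins are not counted
        key = (m["src"], m["host"])
        counts[key] += 1
        if counts[key] == threshold:  # fire once, not on every later failure
            alerts.append({"src": m["src"], "victim": m["host"],
                           "honeypot": manager.create(m["host"], m["src"])})
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG, HoneypotManager({"web01": ["ssh", "http"]})):
        print("ALERT to administrator:", alert)
```

The single mistyped password from 198.51.100.9 stays below the threshold, so only the repeated source produces an alert and a honeypot request.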

Honeypot Manager

The honeypot manager is one of the important modules; it creates a honeypot to locate threats. Its main function is to create a honeypot that draws out the threats, using information fetched from the intrusion detector. The module provides a sandbox feature so that the attacker can operate inside the honeypot without interrupting the original resources (Deris Stiawan et al., 2011).

Auditor

The auditor module collects all the data connecting to the network in order to check for intrusions or network changes. It looks for every change that should be sent to the Honeypot Manager, so that the manager is able to create an exact replica of the damaged data (Deris Stiawan et al., 2011).

Backup Manager

As its name suggests, the Backup Manager keeps backups of the resources and the honeypots. It takes regular backups and is always ready to provide replicas of resources and honeypots for restoration after any sudden event. It can also recreate a honeypot that was previously attacked. If, instead of a clean honeypot, an attacker gets a resource holding plenty of data, the attacker is likely to leave traces: keen on extracting the data, the attacker will not recognise that this is a honeypot, which makes the attacker easy to identify. The Honeypot Manager also holds a backup of the resource (Deris Stiawan et al., 2011).

1.2 INTRUSION PREVENTION SERVER

Intrusion prevention is similar to intrusion detection, in which an attack is detected and removed, but it goes a step further: it prevents attackers from entering the network, which is essential for every corporate company that keeps its most valuable and important data on the network. An exploit may be carried out an instant after attackers gain access, whereas an intrusion prevention system can act on it quickly based on rules framed by the administrator. An effective intrusion detector should perform very complex monitoring and analysis, such as watching activity and responding to administrator patterns and individual patterns. Strictly speaking, an Intrusion Prevention System may use any product or method that keeps attackers from compromising the network, including concepts such as firewalls and anti-virus software.

1.3 FIREWALL

A firewall is an internet security control that governs the incoming and outgoing signals of the network server. Network firewalls filter this traffic and run on computer hardware. A firewall is usually installed apart from the rest of the network so that no illegitimate signals enter the private part of the company's network.

The firewall has three layers which protect the data from attack:

1. Packet filter firewall
2. Stateful filter firewall
3. Application layer firewall