Publication Details
Issue: Vol 3, No 3 (2026)
ISSN: 2997-3902

Abstract

The dynamic nature of cybercrime has made conventional security tools such as firewalls and signature-based intrusion detection systems (IDS) increasingly ineffective against new and unknown threats. This paper introduces a centralized honeypot-based infrastructure that impersonates real network services (SSH, FTP, HTTP, and Telnet) to entice attackers, interact with them, and gather intelligence on them. The proposed system uses Modern Honey Network (MHN) as a central management server, Cowrie as a medium-interaction SSH/Telnet honeypot, and Amun as a low-interaction Python-based honeypot that emulates dummy services. EVE-NG and Oracle VirtualBox are used to simulate the network, and Wireshark is used for deep packet inspection. The framework was tested with controlled brute-force attacks on SSH (port 22) using the Nmap Scripting Engine ssh-brute script on Kali Linux, and with direct-connection attacks on the other services. Findings indicate that the framework was effective in capturing attacker credentials, session behaviours, software tools, and network payloads, thus providing real-time threat intelligence with minimal resource consumption. The proposed architecture is deployable and scalable for defending both academic research and organizational networks, and it has the potential to be extended with machine learning-based anomaly detection and managed honeypots on a cloud platform.

Keywords
Honeypot; Cybersecurity; Intrusion Detection System; Brute-Force Attack; Modern Honey Network; Cowrie; Network Deception; SSH Security; Threat Intelligence