Abstract—With the recent advancements in cyberattacks, honeypots can be used to ensure security. A honeypot uses deception to trap the attacker and learn about his methods. The purpose of the paper is to give an in-depth idea of what a honeypot is and how it can be deployed on a network to protect sensitive data from malicious usage. It also focuses on the attacks that occur on a honeypot system.

Keywords—Honeypot, Production honeypot, Research Honeypot, interaction levels, Honeynet

Introduction

Advances in technology and human dependency on them are increasing rapidly. In addition, the number of devices connected to a network is at its peak. With these ever-changing technologies, threats are also increasing day by day. Therefore, for any network administrator it becomes of utmost necessity to protect the systems and system data on a network from attackers.

There may be many loopholes in a network. A hacker tries to detect these vulnerabilities in the network and then attacks it in order to gain access to important and confidential information stored on the network. The hacker can also manipulate the sensitive information or delete important records. Hackers can use various types of attacks, such as denial of service attacks, brute force attacks, phishing attacks, IP spoofing and many more. These potential attacks can manipulate the system data or use it for malicious activities.

Various technologies have been developed to protect systems from these attacks. One such technology is the Intrusion Detection System. The Intrusion Detection System runs in the background, monitors the system and detects malicious activities on it. Intrusion detection systems can be of two types: one just notifies or alerts the network administrator about a detected intrusion, and the other lets the network administrator take action against the intruder.
However, it does not obtain information about the attackers. Another drawback of the Intrusion Detection System is that, in case of heavy traffic on the network, it is difficult to determine which packets deviate. Intrusion detection systems are mainly suitable for small-scale networks where preventing data breaches is a secondary purpose.

A honeypot is a system which is deployed on a network in order to detect malicious activities and protect the system from various attacks. The honeypot detects malicious activities and tries to deceive the attacker. The attacker thinks that the system being attacked is a real system, whereas it is a trap created by the honeypot. In this process the honeypot tries to obtain information about the attacker and also protects the network from the attacks. In other terms, a honeypot is basically a decoy or a trap.

This paper gives an overview of the honeypot and its application in real-time systems. The objective of this paper is to present the various trends and opportunities for honeypot researchers.

Basic Theory

A honeypot is a system that is usually designed with the aim of detecting and trapping any attempt to penetrate an experimental system. It acts as a masquerade to the attacker. If the attacker breaks into the system or server, the honeypot that resembles the original server takes the attack, while the actual system remains safe and untouched as a server behind the honeypot. Attackers who are not experienced tend to think that they have easily managed to hack the system / server.
However, all actions, tools, and techniques used in the attack have been recorded for study by the System Administrator concerned, through the data and information presented by the honeypot.

According to their use and their involvement, honeypots can be classified as production and research honeypots.

Production Honeypot – Production honeypots are primary honeypots which only detect the attacks and provide a warning to the attackers. These honeypots are easy to deploy and provide minimum information about the attacks and attackers.

Research Honeypot – Research honeypots are high-level honeypots which are used by researchers or professionals. These honeypots are capable of obtaining information about the attackers as well as the techniques used by the attacker. These honeypots gather as much information as possible. They provide information which can be used for statistical study or investigation.

Level of Interaction

A honeypot can be implemented at three different levels, depending upon its interaction and its way of handling network security.

Low level interaction: A honeypot designed to operate at low-level interaction is the simplest honeypot. A low-level interaction honeypot just tries to record or log information about the attacker. The drawback is that the attacker can easily recognize a honeypot at this level.

Medium level interaction: Compared to a low-level honeypot, a medium-level honeypot cannot be recognized easily. Medium-level honeypots are more complex than low-level interaction honeypots but long-delayed.

High level interaction: High-level interaction honeypots are complex to set up as they involve a real-time operating system. A honeypot at this level misguides the hacker to a fake system.

Honeynet

When many honeypots are deployed in a network, the deployment is known as a honeynet.
Typically, a honeynet is used for monitoring a more diverse network in which one honeypot may not be sufficient. The purpose of a honeynet is to better understand the hacker's behaviour and methodologies. Honeynets allow hackers to be easily identified.

Proposed System

The purpose of the proposed system is to design a honeypot on a network and check its efficiency by attacking it. The steps of the honeypot's extraction procedure are as follows.

1. Identify any attack on the system and log source and target information.
2. Redirect the intruder to the honeypot.
3. Extract the attacker's information.
4. Ban the attacker from the network.
5. Generate records and statistical data.
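The five steps above, run over constructed connection events, as an added example that is not part of the original paper. Identifying an attack by a hit on a decoy port, the ban threshold, and all names and addresses used here are assumptions of this example.

```python
from collections import Counter, defaultdict

# Constructed sample events using documentation address ranges (RFC 5737).
# Fields: (source IP, target IP, target port, payload seen by the listener)
EVENTS = [
    ("198.51.100.7", "192.0.2.10", 22, "root:123456"),
    ("198.51.100.7", "192.0.2.10", 22, "root:password"),
    ("203.0.113.5", "192.0.2.10", 443, "GET /index.html"),
    ("198.51.100.7", "192.0.2.10", 22, "admin:admin"),
    ("198.51.100.7", "192.0.2.10", 23, "admin:admin"),
    ("198.51.100.9", "192.0.2.11", 3389, ""),
]
DECOY_PORTS = {22, 23, 3389}  # assumption: no production service uses these
BAN_THRESHOLD = 3             # assumption: decoy hits allowed before a ban


def run_pipeline(events, decoy_ports=DECOY_PORTS, ban_threshold=BAN_THRESHOLD):
    attack_log = []               # step 1: source and target of each attack
    routes = []                   # step 2: where each connection was sent
    profiles = defaultdict(list)  # step 3: what each source sent the honeypot
    hits = Counter()
    banned = set()                # step 4: sources removed from the network
    for src, dst, port, payload in events:
        if src in banned:
            routes.append("dropped")      # banned sources never reach a host
            continue
        if port not in decoy_ports:
            routes.append("production")   # ordinary traffic is left alone
            continue
        attack_log.append({"src": src, "dst": dst, "port": port})
        routes.append("honeypot")
        profiles[src].append(payload)
        hits[src] += 1
        if hits[src] >= ban_threshold:
            banned.add(src)
    stats = {                     # step 5: records and statistical data
        "attacks": len(attack_log),
        "by_source": dict(hits),
        "by_port": dict(Counter(e["port"] for e in attack_log)),
        "banned": sorted(banned),
    }
    return routes, dict(profiles), stats


if __name__ == "__main__":
    for part in run_pipeline(EVENTS):
        print(part)
```

Banning only after several decoy hits gives step 3 time to collect the attacker's information before step 4 cuts the session off.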