
Nabilian7/Honeypot-detection


Honeypot-detection --> refer to review-doc for full instructions

Honeytrap is a security tool designed to detect and prevent attacks on TCP and UDP services. It runs as a background daemon and launches server processes when a connection attempt is made to a port. The tool uses different modes of operation to handle connections, including sending arbitrary data to mimic well-known protocols like TCP and UDP. This fools many automated attack tools, which then continue with the attack. To extend the tool's functionality, a module has been developed that lets custom extensions be easily written and loaded into the tool. The tool assembles attack data into an attack string, which can be saved to files or an SQL database for manual analysis and further action.

Keywords: Honeypot, IDS, TCP and UDP protocols, SQL database

Proposed System

6.1 Objective of the Project:

The objective of the Honeypot deception method for real-time intrusion detection and prevention is to create a trap that appears to be a legitimate target for attackers but is in reality designed to detect and prevent malicious activity. A Honeypot is a decoy system that is set up to attract attackers and provide an environment where their actions can be observed and analyzed. The goal is to learn about the tactics, techniques, and procedures (TTPs) of attackers in order to improve security defenses and prevent future attacks.

Honeypots are often used as a proactive security measure to detect and respond to attacks in real time. They can be deployed on internal networks, external-facing systems, or in the cloud, and can be customized to simulate a wide range of services and applications. By mimicking legitimate systems, Honeypots can lure attackers into a controlled environment where their behavior can be monitored and analyzed without risking damage to the actual production systems.

The use of Honeypots can provide valuable insight into the threat landscape, help identify new attack vectors, and improve incident response capabilities. By deploying Honeypots, organizations can gain a better understanding of their own vulnerabilities and improve their overall security posture. Additionally, Honeypots can help organizations meet compliance requirements by providing a mechanism to detect and prevent unauthorized access to sensitive information.

6.2 Novelty of the Project:

The Honeypot Deception Method for Real-Time Intrusion Detection and Prevention project has several novel aspects:

  1. Honeypot Technology: The project uses honeypot technology to detect and prevent intrusions. Honeypots are decoy systems that are designed to look like real systems but are fake. By deploying honeypots, the project can draw attackers away from real systems and capture valuable information about their tactics, techniques, and procedures (TTPs).
  2. Real-Time Intrusion Detection: The project uses real-time intrusion detection to detect and respond to attacks as they happen. This allows the project to respond quickly to attacks and prevent further damage.
  3. Face Recognition: The project uses face recognition technology to capture images and videos of intruders. This technology allows the project to identify intruders and potentially link them to other attacks.
  4. Message and Gmail Services Integration: The project integrates with Wire and Gmail services to notify security personnel in real time when an intrusion is detected. This allows security staff to respond quickly to attacks and take appropriate action.
  5. Minimal Code: The project uses minimal Python code, which makes it lightweight, fast, and easy to install. This allows the project to run efficiently on low-resource systems, like Raspberry Pi, and makes it accessible to a wider range of users.
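
The connection handling described in the overview (answer a connection attempt with template data, assemble what the peer sends into an attack string, save it to an SQL database) looks like this in Python. This is an added example, not code from this repository or from Honeytrap; the banner templates, table layout, size cap and function names are assumptions.

```python
import socket
import sqlite3
import time

# Constructed banner templates keyed by port (assumption: real ones live in files).
TEMPLATES = {21: b"220 FTP server ready\r\n", 25: b"220 mail ESMTP\r\n"}
MAX_ATTACK_BYTES = 64 * 1024   # cap stored data so a peer cannot exhaust disk
IDLE_TIMEOUT = 5.0             # seconds to wait for the peer before giving up

def open_store(path=":memory:"):
    """Open the SQLite store and create the (assumed) attacks table."""
    db = sqlite3.connect(path, check_same_thread=False)
    db.execute("CREATE TABLE IF NOT EXISTS attacks("
               "ts REAL, src TEXT, port INTEGER, attack BLOB)")
    return db

def handle_connection(conn, src, port, db):
    """Send the template for this port, then assemble everything the peer
    sends into one attack string and store it. The data is never executed."""
    conn.settimeout(IDLE_TIMEOUT)
    chunks, size = [], 0
    try:
        conn.sendall(TEMPLATES.get(port, b""))
        while size < MAX_ATTACK_BYTES:
            data = conn.recv(4096)
            if not data:          # peer closed the connection
                break
            chunks.append(data)
            size += len(data)
    except OSError:               # timeout or reset: keep what was captured
        pass
    finally:
        conn.close()
    attack = b"".join(chunks)[:MAX_ATTACK_BYTES]
    # Parameterised insert: attacker-controlled bytes never reach the SQL text.
    db.execute("INSERT INTO attacks VALUES (?, ?, ?, ?)",
               (time.time(), src, port, attack))
    db.commit()
    return attack

def serve(host, port, db):
    """Blocking accept loop for one port; each connection is handled in turn."""
    with socket.create_server((host, port)) as srv:
        while True:
            conn, (addr, _) = srv.accept()
            handle_connection(conn, addr, port, db)
```

The stored attack strings are untrusted input: review them as data, and keep the honeypot host isolated from production systems.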
