Final Year Project
Akash Raj guru (A00226145)
BACHELOR OF ENGINEERING (HONS) IN SOFTWARE ENGINEERING
YEAR 4
SUPERVISOR: Dr. Paul Jacob
INTRUSION DETECTION SYSTEM
With HONYPOTPLUS
Image is taken from www.itcomputersupportnewyork.com
ATHLONE INSTITUTE OF TECHNOLOGY
SCHOOL OF ENGINEERING
1.1 Project Title and Interpretation
TITLE: “Intrusion Detection System with HoneyPlus”
The goal of this project is to design and develop a fully implementable
and tested Java-based intrusion detection system with an integrated honeypot, which
can monitor network traffic from the host machine by capturing network packets
from the live network. I have made the assumption that this tool will be able to
capture the network packets, allow the administrator to analyze the captured
packets, and also provide some features to control network traffic. In
order to control traffic from the host machine, a module called Firewall has been added,
which allows the administrator to create specific rules and also to
delete rules which have already been created. This tool is also able to dump (store) the
captured information in a particular file format on the local machine as well as on a
MongoDB server. This project also employs a honeypot, which allows the
administrator to capture hackers' information.
2. Number of modules
This product consists of a number of modules.
1. Packet capture
2. Port scanner
3. Storage of captured information on local machine
4. Storage of captured information on MongoDB server
5. Firewall (prevention)
6. HoneyPlus (honeypot server to fool hackers)
2.1 Packet Capture
This module allows the application to capture network packets from the live wire.
Library Used
Jpcap library: an open source network packet capture library
based on the libpcap and WinPcap libraries.
Jpcap captures Ethernet, TCP, UDP, IPv4, IPv6, ARP and
ICMPv4 packets and analyzes each packet's header and
payload.
The Packet class in Jpcap is used to access packet field information
and data. [1]
JpcapCaptor class: for capturing and filtering packets.
Java Runtime class: to execute Windows network shell commands.
Mongo driver: to connect the main application with the MongoDB server.
2.2 Port scanner
This module allows the application to display all open network ports on the computer. It uses
the NETSTAT command to quickly see all the used and listening ports on your
computer.
2.3 Storage of captured information on local machine
This module allows the application to store the captured information on the local computer
in text format. The path where the file is stored is defined in the application itself. The default
path is C:\Temp.
2.4 Storage of captured information on MongoDB server
This module allows the application to store the captured information on a remote or local
MongoDB server. MongoDB stores the captured information in document format in its
collections. Currently the application is storing information on a local MongoDB
server.
2.5 Firewall (prevention)
This is the module which adds the prevention feature to the application. The Firewall module
uses the NETSH command to define a set of rules for Windows-based systems. It also
allows rules which have been defined to be deleted. Using this feature, the user can control the
network traffic going through their machine.
2.6 HoneyPlus (Honeypot Server for Hackers)
A honeypot is a trap set to detect, deflect, or, in some manner, counteract attempts at
unauthorized use of information systems. Generally, a honeypot consists of a
computer, data, or a network site that appears to be part of a network, but is actually
isolated and monitored, and which seems to contain information or a resource of
value to attackers.
It is a decoy computer system for trapping hackers or tracking unconventional or
new hacking methods. Honeypots are designed to purposely engage and deceive
hackers and identify malicious activities performed over the Internet.
Screen Shot