UGC Approved Journal no 63975(19)
ISSN: 2349-5162 | ESTD Year : 2014
Published in:

Volume 6 Issue 3
March-2019
eISSN: 2349-5162

7.95 impact factor calculated by Google scholar

Unique Identifier

Published Paper ID:
JETIR1903565


Registration ID:
199226

Page Number

474-479

Title

Heuristics Based Network Anomaly Detection Using Honeypot

Abstract

A modern-day network attack is typically defined as a methodology or process used to compromise network security. These attacks can be passive, meaning the information is monitored and snooped upon, or active, meaning the information is stolen, altered, destroyed or corrupted depending on the attacker's intent. Cybercriminals are becoming increasingly persistent and sophisticated in their activities. The traditional approaches employed by organizations, using security solutions such as firewalls, IPS/IDS and email security, are reactive in nature and depend on existing signatures and patterns of known attack vectors. These solutions are incapable of finding unknown threats and zero-day attacks. Deploying honeypots as a pre-emptive measure against cyber incidents has proven effective in countering such attacks. Honeypots can help protect the operational network from network-based attacks such as DDoS by luring attackers and detecting traffic anomalies heuristically with high probability. A honeypot is an active decoy and deception defence system for network security. It records and captures various intrinsic details and the modus operandi of the attacker, tracks the tools and techniques used, and acts as an early warning system for security teams. Preventing, detecting and reacting to malicious intrusion [1] attempts without disturbing the existing system is the most critical challenge for network security teams. The problem of detecting unknown attacks can be solved to an extent by traffic anomaly detection. In this paper, it is proposed to configure a honeypot on a dummy machine and deploy it at the perimeter of the organization's network. This honeypot can be configured for a virtual environment and for analysis of the collected threat intelligence. Any network malware or intruder on a network will typically scan to find open ports and running services. Here the goal is to keep selected ports open and run services that direct access to the honeypot and not towards the internal network. The logs and network traffic generated can then be studied and examined for heuristics-based anomaly detection of any possible cyber incident, for future use. The logging capability of the honeypot helps in examining traffic patterns, behavioural analysis, fingerprints of various attack vectors and hash values.
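
The heuristic log analysis the abstract describes, sketched as an added example that is not code from the paper: it parses a constructed honeypot connection log and flags sources that probe many distinct ports or repeatedly hit one port within a short window. The log format, the thresholds and the names `parse`, `detect` and `SAMPLE_LOG` are assumptions; the addresses are from documentation ranges.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample honeypot connection log (the format is an assumption):
# ISO timestamp, source IP, destination port on the decoy host.
SAMPLE_LOG = """\
2019-03-01T10:00:00 203.0.113.7 21
2019-03-01T10:00:01 203.0.113.7 22
2019-03-01T10:00:02 203.0.113.7 23
2019-03-01T10:00:03 203.0.113.7 445
2019-03-01T10:00:05 198.51.100.9 22
2019-03-01T10:00:06 198.51.100.9 22
2019-03-01T10:00:07 198.51.100.9 22
2019-03-01T10:00:08 198.51.100.9 22
2019-03-01T10:00:09 198.51.100.9 22
2019-03-01T10:00:10 198.51.100.9 ssh
2019-03-01T10:05:00 192.0.2.44 80
2019-03-01T11:30:00 192.0.2.44 443
"""

def parse(log_text):
    """Yield (timestamp, src_ip, dst_port) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], int(parts[2])
        except ValueError:
            continue

def detect(log_text, window=timedelta(seconds=60), scan_ports=4, burst_hits=5):
    """Sliding-window heuristics (thresholds are illustrative assumptions):
    port_scan = many distinct ports, port_burst = many hits on one port."""
    events = defaultdict(list)
    for ts, src, port in sorted(parse(log_text)):
        events[src].append((ts, port))
    alerts = defaultdict(set)
    for src, evs in events.items():
        start = 0
        for end, (ts, _) in enumerate(evs):
            while ts - evs[start][0] > window:
                start += 1  # drop events older than the window
            ports = [p for _, p in evs[start:end + 1]]
            if len(set(ports)) >= scan_ports:
                alerts[src].add("port_scan")
            if max(ports.count(p) for p in set(ports)) >= burst_hits:
                alerts[src].add("port_burst")
    return {src: sorted(kinds) for src, kinds in alerts.items()}
```

Because nothing legitimate should contact a decoy host, the thresholds can be set far lower here than on production traffic.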

Cite This Article

"Heuristics Based Network Anomaly Detection Using Honeypot", International Journal of Emerging Technologies and Innovative Research (www.jetir.org), ISSN: 2349-5162, Vol. 6, Issue 3, page no. 474-479, March-2019, Available: http://www.jetir.org/papers/JETIR1903565.pdf

Publication Details

Published Paper ID: JETIR1903565
Registration ID: 199226
Published In: Volume 6 | Issue 3 | Year March-2019
DOI (Digital Object Identifier):
Page No: 474-479
Country: GREATER NOIDA, GAUTAM BUDH NAGAR, UTTAR PRADESH, India
Area: Engineering
ISSN Number: 2349-5162
Publisher: IJ Publication

