Enhanced Efficiency of Intrusion Detection Systems with Honey Pot in Cyber Security

Main Article Content

อรรถพล ป้อมสถิตย์

Abstract

This paper presents how Honeypot can help enhancing the efficiency of the Intrusion Detection Systems (IDS) in cyber security. Honeypot will distract, delay, or deviate hackers from attacking the computer network. There are three attacking technique which cause Denial of Service (DOS), delay or deviate: TCP Flood, UDP Flood and ICMP Flood. Honeyd, a part of Honeypot will be used to create a virtual computer or a virtual server within a particular secured network, without firewall or any other forms of security. Only Honeypot will be deployed on the network, while the Snort program will be used on IDS. All programs will be developed as Open Source on Linux OS. As a result of test on the internal and external network attack, we found that we can enhance the efficiency of the Intrusion Detection Systems (IDS) in cyber security by using Honeypot. The attacked rates on LAN network and WLAN network were not much different. However, comparing TCP Flood attack and ICMP Flood attack, TCP Floods attacked rate was 33.75% higher on internal network and 53.47% higher on external network than ICMP Flood attacked rate. In conclusion, TCP Flood attack and all forms of internal attacks are most harmful in cyber security.

Article Details

How to Cite
ป้อมสถิตย์ อ. . (2016). Enhanced Efficiency of Intrusion Detection Systems with Honey Pot in Cyber Security. KKU Science Journal, 44(2), 384–397. Retrieved from https://ph01.tci-thaijo.org/index.php/KKUSciJ/article/view/249523
Section
Research Articles