Abstract
In recent years, cyber warfare has extended far longer and wider than it used to. Cyber terrorism, government- and organization-backed attacks on critical facilities, and attacks on big financial institutions have made information security the pillar of digital systems. With the increasing penetration of computing devices and the rapid proliferation of the cloud for a variety of services, more attacks are materializing that affect the individuals who use these systems.
Dealing with such security issues requires a holistic view of the problem, its causes and its overall effect. An important step towards understanding the problem and its causes is increasing the knowledge base about the capabilities and interests of the black-hat community. This is made possible through the use of honeypots, machines that run with the primary intent of luring attackers and collecting information about probes and attacks. Honeypots and honeynets have been used in devising early warning systems, identifying zero-day vulnerabilities and tracking botnets. Some honeynet implementations were distributed by design but ran low- and medium-interaction honeypots, which lack the capability to learn more about attacks and attackers. Those that implemented high-interaction honeypots, on the other hand, were limited to specific geographical locations. To deal with these limitations, this research has developed a distributed high-interaction honeynet model and implemented the model in the cloud as well as in the network of HiOA. Distributing the honeypots helped in understanding the global attack landscape. The results show the dominance of SSH-scan-related attacks and the different forms the attacks take on compromised machines. The data analysis has also led to the tracking of botnets over IRC networks, and it was possible to intercept a handful of malicious servers along with their lists of zombies located on different continents. With some enhancements, and by running the honeypots for a longer period of time, better results would also be achieved.