Network monitoring with honeytokens

OData support
Dr. Holczer Tamás
Department of Networked Systems and Services

The purpose of the thesis is to have introductory insight the world of network security and give a solution to the problem of data stealing. The attacks against computer systems are becoming more common especially in the business sector. The network monitoring can be solved with a wide variety of different systems. There are Intrusion Prevention Systems (IPS) which can save a system against attacks, and there are Intrusion Detection Systems (IDS) which can only inform if any attack happened against the system. I will implement a honeytoken system which is an IDS. The primary complaint with IDS is the number of false positives, but the honeytoken does not have this disadvantage.

The goal in both systems is to look for any signs that mean penetration. It can be a command from unknown, unauthorized address or illegal file opening too. The honeytoken does the latter; the attacker creates suspicious network traffic with honeytoken which is easily noticeable. This traffic is generated when the honeytoken file is opened.

During the semester I planned and implemented a honeytoken solution for the most commonly used file types which I can detect an intrusion in my system with. I made a program that can create tokens which can generate valid and usable honeytoken documents.

The last part of the task was to create a detection system which I can monitor the traffic generated by honeytokens with. I implemented this part with requests sent to an Apache server. With this requests my system can alert when it detects a honeytoken being opened. By the end of the project I created a working IDS solution.


Please sign in to download the files of this thesis.