A

Seminar Report
On

HONEYPOT
Submitted by

Shriom Dineshrao Burande

2230331372087

Under the guidance of

Prof. Snehal S. Gaikwad.

Department of Electronics & Telecommunication Engineering

Dr. Babasaheb Ambedkar Technological
University,
Lonere-402103
2022-2023
 CERTIFICATE
This is to certify that the seminar entitled “BLU-RAY DISC” is the record of bona fide work
carried out by Miss. VINANTI RAVINDRA MHATRE (PRN No.2130331372045) under
our guidance. This work is carried out in requirement of partial fulfillment in the award of
completion of seminar course in Dr. Babasaheb Ambedkar Technological University, Lonere,
Raigad in the academic year 2022-2023.

Prof. Snehal S. Gaikwad Prof. Sanjay. L. Nalbalwar

(Seminar Guide) Professor and Head
Department of Electronics &
Telecommunication
Engineering
External Examiner:

1. ………………………………

2. ………………………………

Date:

Place:
 ACKNOWLEDGEMENT

I thank to Dr. Sanjay L. Nalbalwar Professor and Head of the Electronic and
Telecommunication Engineering department, for his valuable suggestion and cooperation in
the completion of the seminar.
I thank to Prof. Snehal S. Gaikawad, Professor of the Electronic and Telecommunication
Engineering Department, for his valuable suggestions in the completion of the seminar.

I thank to Prof. Aniket A. Jangam, Assistant Professor, and Seminar

Co-ordinators of the Electronic and Telecommunication Engineering Department, for their
valuable suggestions in the completion of the seminar.

Shriom Dineshrao Burande

(2230331372087)
 ABSTRACT
HoneyPots have emerged as a fascinating and proactive technique in the field of cybersecurity.
These decoy systems attract malicious actors, diverting their attention away from critical assets
and providing valuable insights into their tactics and techniques. This seminar aims to delve
into the world of HoneyPots, investigating their diverse types, deployment strategies, and the
benefits they offer in terms of threat intelligence and proactive defense mechanisms. By
analyzing real-world case studies and discussing the ethical considerations surrounding the use
of HoneyPots, this seminar intends to provide attendees with a comprehensive understanding
of this innovative cybersecurity approach and its potential to enhance organizational security
posture.
 INDEX

Chapter No. Title Page No.

Chapter 1 INTRODUCTION 1
Chapter 2 HISTORY 2
Chapter 3 WORKING OF HONEYPOT 4
Chapter 4 TYPES OF HONEYPOT 6
4.1 Purpose 6
4.1.1 Production Honeypot 6
4.1.2 Reaserch Honeypot 7
4.2 Interaction 7
4.2.1 High-Interaction 7
4.2.2 Mid-Intraction 7
4.2.3 low-Interaction 7
7
Chapter 5 Advantages Of Honeypot 8
5.1 threat Detection 8
5.2 early warning System 8
5.3 Deception And Misdirection 8
5.4 Luring And dealying Attackers 8
5.5 Legal And Ethical Insight 8

Chapter 6 Disadvatge Of Honeypot 9

6.1 False Positive And Negative 9
6.2 Security Risk 9
6.3 Ethical And Legal Concernce 9
6.4 Limiting Applicability 9
6.5 Limitimg Preventaion Capability 9

Chapter 7 Future Of Honeypot 10

7.1 Advance Treat Detection 10
7.2 Machin Learning And AI. 10
7.3 Automotion Of Orhestration 10

Chapter 8 CONCLUSION 11

REFERENCE 12
 A Seminar Report on “HONEYPOT”
__________________________________________________________________________________

CHAPTER 1
INTRODUCTION

The Honeypots are specialized decoy systems designed to attract and deceive cyber attackers.
Unlike traditional security measures that focus on keeping adversaries out, honeypots invite
them in, allowing security professionals to study their tactics, techniques, and procedures. This
seminar aims to shed light on the significance of honeypots in contemporary cybersecurity
strategies.

Firstly, we will delve into the fundamental concept of honeypots, examining their purpose and
how they differ from conventional security measures. By understanding their unique role, we
can appreciate their value as proactive tools in identifying and mitigating potential threats.

Next, we’ll explore the various types of honeypots, ranging from low-interaction to high-
interaction, and their applications in different environments. Each type serves a distinct
purpose, enabling organizations to tailor their cybersecurity strategies based on their specific
needs and risk tolerance.

The seminar will also touch upon the deployment and management of honeypots. This includes
considerations such as placement within a network, emulation of realistic services, and the
importance of timely and accurate data collection for analysis.

Furthermore, we’ll discuss the benefits and challenges associated with honeypot
implementation. While honeypots provide valuable insights into evolving cyber threats, they
also demand careful planning and monitoring to avoid potential risks to an organization’s
infrastructure.

1
DR. BABASAHEB AMBEDKAR TECHNOLOGICAL UNIVERSITY
DEPARTMENT OF ELECTRONICS AND TELECOMMUNICATION.
 A Seminar Report on “HONEYPOT”
__________________________________________________________________________________

CHAPTER 2
HISTORY
1. Early Concept (1990s):The concept of honeypots was first introduced by Clifford Stoll
in his book “The Cuckoo’s Egg” (1989). However, the formalization and development
of honeypots as a cybersecurity tool began in the early 1990s.

2. Fred Cohen’s Research (1991): Fred Cohen, a computer scientist, conducted pioneering
research on honeypots in 1991. He defined a honeypot as a security mechanism aimed
at deceiving and detecting attackers.

3. Deception Toolkit (1998): The first honeypot project, called the Deception Toolkit, was
initiated by Niels Provos and Thorsten Holz in 1998. It marked a crucial step in
developing practical honeypot systems.

4. Honeynet Project (1999): The Honeynet Project, founded by Lance Spitzner in 1999,
played a pivotal role in advancing honeypot technology. It focused on deploying
honeypots globally to study and analyze cyber threats.

5. High-Interaction Honeypots (2000s): High-interaction honeypots, capable of

simulating a real operating system to attract sophisticated attacks, gained popularity in
the early 2000s. They provided more detailed insights into attackers’ methods.

6. GENI (2002): The Global Environment for Network Innovations (GENI) project, led
by Dr. Wenke Lee in 2002, aimed to develop advanced honeypot technologies. It
contributed to the evolution of honeypots in academic and research settings.

7. Modern Honeypot Deployments (2010s): As cyber threats continued to evolve,

organizations increasingly deployed honeypots as part of their cybersecurity strategies.
Open-source honeypot solutions, such as Honeyd and Dionaea, gained popularity.

8. Emergence of Threat Intelligence (2010s): Honeypots became integral to threat

intelligence, providing valuable data on emerging threats and attacker techniques. This
contributed to the proactive defense strategies of many organizations.

2
DR. BABASAHEB AMBEDKAR TECHNOLOGICAL UNIVERSITY
DEPARTMENT OF ELECTRONICS AND TELECOMMUNICATION.
 A Seminar Report on “HONEYPOT”
__________________________________________________________________________________

9. Commercialization and Integration (2010s): Commercial cybersecurity vendors started

integrating honeypot features into their security suites. This trend highlighted the
broader acceptance of honeypots as effective tools in detecting and mitigating cyber
threats.

10. Diversity of Honeypots (2020s): Honeypots have evolved to include various types, such
as low-interaction, medium-interaction, and high-interaction honeypots, catering to
different security needs. They continue to play a crucial role in cybersecurity research,
education, and defense.

3
DR. BABASAHEB AMBEDKAR TECHNOLOGICAL UNIVERSITY
DEPARTMENT OF ELECTRONICS AND TELECOMMUNICATION.
 A Seminar Report on “HONEYPOT”
__________________________________________________________________________________

CHAPTER 3
WORKING OF HONEYPOTS

In many ways, a honeypot looks exactly like a genuine computer system. It has the
applications and data that cyber criminals use to identify an ideal target. A honeypot can, for
instance, pretend to be a system that contains sensitive consumer data, such as credit card or
personal identification information. The system can be populated with decoy data that may
draw in an attacker looking to steal and use or sell it. As the attacker breaks into the
honeypot, the IT team can observe how the attacker proceeds, taking note of the various
techniques they deploy and how the system’s defenses hold up or fail. This can then be used
to strengthen the overall defenses used to protect the network.

Honeypots use security vulnerabilities to lure in attackers. They may have ports that are
vulnerable to a port scan, which is a technique for figuring out which ports are open on a
network. A port left open may entice an attacker, allowing the security team to observe how
they approach their attack.

Honeypotting is different from other types of security measures in that it is not designed to
directly prevent attacks. The purpose of a honeypot is to refine an organization’s intrusion
detection system (IDS) and threat response so it is in a better position to manage and prevent
attacks.

4
DR. BABASAHEB AMBEDKAR TECHNOLOGICAL UNIVERSITY
DEPARTMENT OF ELECTRONICS AND TELECOMMUNICATION.
 A Seminar Report on “HONEYPOT”
__________________________________________________________________________________

There are two primary kinds of honeypots: production and research. Production honeypots
focus on the identification of compromises in your internal network, as well as fooling the
malicious actor. Production honeypots are positioned alongside your genuine production
servers and run the same kinds of services.

Research honeypots, on the other hand, collect information regarding attacks, focusing not
just on how threats act within your internal environment but how they operate in the wider
world. Gathering information about threats in this way can help administrators design
stronger defense systems and figure out which patches they need to prioritize. They can then
ensure that sensitive systems have up-to-date security measures to defend against the attacks
that fell for the honeypot’s lures.

5
DR. BABASAHEB AMBEDKAR TECHNOLOGICAL UNIVERSITY
DEPARTMENT OF ELECTRONICS AND TELECOMMUNICATION.
 A Seminar Report on “HONEYPOT”
__________________________________________________________________________________

CHAPTER 4
TYPES OF HONEYPOTS

4.1 Purpose
4.1.1 Production Honeypot

The most common type, a production honeypot is a type of honeypot that’s used to
collect cybersecurity-related information within a business’s or organization’s production
network. Once deployed, the production honeypot will wait for an attack. If an attack occurs,
it may collect data such as originating Internet Protocol (IP) addresses, traffic frequency and
volume, directories accessories and more Production honeypots are popular among businesses
because they are easy to use while revealing essential information about cyber threats and
vulnerabilities facing their networks. With that said, production honeypots generally don’t
reveal as much information as their research counterparts.

6
DR. BABASAHEB AMBEDKAR TECHNOLOGICAL UNIVERSITY
DEPARTMENT OF ELECTRONICS AND TELECOMMUNICATION.
 A Seminar Report on “HONEYPOT”
__________________________________________________________________________________

4.1.2 Research Honeypot

A research honeypot, on the other hand, is a type of honeypot that’s used to collect
information about the specific methods and tactics hackers use. Like production honeypots,
they consist of fake data that looks sensitive and valuable to hackers. Research honeypots also
collect information about attacks and vulnerabilities.
Research honeypots typically aren’t used by businesses. Rather, they are used by government
and research organizations. That’s essentially how they differ from production honeypots.
While production honeypots are used within a business’s network, research honeypots are
deployed elsewhere — typically on multiple networks or locations.Research honeypots are also
more complex than production honeypots. As a result, they require more work to deploy.
Because of their complexity, though, research honeypots provide more information about
attacks and vulnerabilities.

4.2 Interaction
4.2.1 High-interaction Honeypot
A high interaction honeypot is actually configured to mirror a production system, and is
designed to give an attacker full reign of an operating system in the event that they are lured
into compromising it. This system will be configured to utilize extensive system and file
system logging, and will also be subject to a very exhaustive set of IDS rules and monitoring.
High interaction honeypots will often exist as virtual machines so that they can be reverted
back to a known clean snapshot with relative ease.
When implementing a high interaction honeypot, special precautions must be taken to limit
the attacker’s ability to use the system as a staging point for attacks against the production
system. They must be allowed to compromise the machine and perform some level of activity
without being able to use their control of the system to take advantage of legitimate systems
on the network.

4.2.2 Mid Interaction Honeypot

Medium-interaction honeypots offer attackers more ability to interact than do low-
interaction honeypots but less functionality than high-interaction solutions. They can expect
certain activity and are designed to give certain responses beyond what a low-interaction
honeypot would give.
4.2.3 low-Interaction Honeypot

A low interaction honeypot will only give an attacker very limited access to the operating
system. ‘Low interaction’ means exactly that, the adversary will not be able to interact with
your decoy system in any depth, as it is a much more static environment. A low interaction
honeypot will usually emulate a small amount of internet protocols and network services, just
enough to deceive the attacker and no more. In general, most businesses simulate protocols
such as TCP and IP, which allows the attacker to think they are connecting to a real system
and not a honeypot environment.

7
DR. BABASAHEB AMBEDKAR TECHNOLOGICAL UNIVERSITY
DEPARTMENT OF ELECTRONICS AND TELECOMMUNICATION.
 A Seminar Report on “HONEYPOT”
__________________________________________________________________________________

CHAPTER 5
ADVANTAGES OF HONEYPOTS
5.1 Threat Detection:
Honeypots act as decoy systems that attract attackers, allowing security teams to detect and
study their activities. By analyzing the interactions with the honeypot, security professionals
can identify new and evolving threats.

5.2 Early Warning System:

Honeypots provide an early warning of potential attacks since any activity on the honeypot is
likely to be suspicious.This allows organizations to take proactive measures before a full-scale
attack occurs.By studying the tactics, techniques, and procedures (TTPs) used by attackers on
honeypots, security teams gain valuable insights into evolving attack methods.This information
helps in enhancing overall cybersecurity measures.

5.3 Deception and Misdirection:

Honeypots create confusion for attackers by presenting enticing targets that divert their
attention away from critical systems. This deceptive strategy can buy time for organizations to
respond effectively.Honeypots serve as a controlled environment for simulating and analyzing
cyberattacks.Security teams can use the gathered data to improve incident response procedures
and enhance overall cyber resilience.

5.4 Luring and Delaying Attackers

Honeypots can delay attackers by keeping them engaged in interactions with the decoy
systems, giving security teams more time to respond.The delay can be crucial in preventing or
mitigating the impact of an attack. Information collected from honeypots contributes to threat
intelligence databases.Sharing this intelligence with relevant communities helps in building a
collective defense against common and emerging threats.

5.5 Legal and Ethical Insights

Since honeypots are isolated and controlled environments, organizations can legally and
ethically observe and analyze malicious activities without impacting real systems.This can be
valuable for understanding the legal implications of certain cyber threats.

8
DR. BABASAHEB AMBEDKAR TECHNOLOGICAL UNIVERSITY
DEPARTMENT OF ELECTRONICS AND TELECOMMUNICATION.
 A Seminar Report on “HONEYPOT”
__________________________________________________________________________________

CHAPTER 6
DISADVANTAGE OF HONEYPOT
6.1 False Positives and Negatives:
Honeypots can generate false positives, indicating an attack when there isn't one, or false
negatives, failing to detect a real threat. This can lead to wasted resources or overlooking actual
security issues.Operating honeypots can be resource-intensive in terms of time, effort, and
computing resources. Maintaining and analyzing the data generated by honeypots require
dedicated personnel and systems.

6.2 Security Risks:

If not properly configured and monitored, honeypots themselves can become targets for
attackers. Malicious actors might exploit vulnerabilities in the honeypot system, compromising
the very security it was intended to enhance. Honeypots focus on a specific area or aspect of
the network, providing limited overall visibility. This narrow scope might result in missing
attacks targeting other parts of the infrastructure.

6.3 Ethical and Legal Concerns:

Honeypots may attract malicious activity, and if not managed carefully, this could result in
legal and ethical dilemmas. False attribution or accidental disruption of legitimate users could
lead to legal issues for the organization deploying the honeypot. Implementing and
maintaining honeypots can be expensive. It involves costs associated with hardware, software,
personnel training, and ongoing monitoring. For smaller organizations with limited resources,
this can be a significant drawback.

6.4 Limited Applicability:

Honeypots might not be suitable for all environments. In highly dynamic or critical
systems, the risks and costs associated with honeypots might outweigh their benefits.

6.5 Limited Prevention Capability:

While honeypots can help in detecting and studying attacks, they do not prevent attacks in
real-time. Organizations may need additional security measures to actively thwart malicious
activities.

9
DR. BABASAHEB AMBEDKAR TECHNOLOGICAL UNIVERSITY
DEPARTMENT OF ELECTRONICS AND TELECOMMUNICATION.
 A Seminar Report on “HONEYPOT”
__________________________________________________________________________________

CHAPTER 7
FUTURE OF HONEYPOTS

7.1 Advanced Threat Detection:

Honeypots will play a crucial role in advanced threat detection. By mimicking real systems
and services, they can attract sophisticated attacks, providing organizations with insights into
emerging threats and vulnerabilities. Honeypots will be integrated into broader deception
technologies. This involves deploying decoy assets, such as fake servers or network segments,
to mislead attackers and divert them away from critical systems.The increasing adoption of
cloud computing, the future of honeypots will likely involve more cloud-based deployments.
Cloud honeypots can emulate various cloud services and environments, helping organizations
protect their assets in the cloud.

7.2 Machine Learning and AI:

Incorporating machine learning and artificial intelligence into honeypot systems will
enhance their ability to analyze large datasets, identify patterns, and automatically respond to
threats. This adaptive approach can improve the efficiency of threat detection and response.As
the Internet of Things (IoT) expands, there will be a growing need for honeypots specifically
designed to detect and analyze threats targeting IoT devices. These honeypots can simulate IoT
environments to attract and study attacks on connected devices.
Honeypots will continue to contribute valuable data to threat intelligence feeds. Information
gathered from honeypot interactions will be used to update and strengthen cybersecurity
measures, creating a more proactive defense against evolving threats.

7.3Automation and Orchestration:

Automation and orchestration capabilities will be integrated into honeypot solutions. This
includes automating the deployment of honeypots, analyzing collected data, and orchestrating
responses to detected threats, streamlining the overall security workflow.
Honeypots may become a standard tool for meeting regulatory compliance requirements. By
proactively identifying vulnerabilities and potential threats, organizations can demonstrate a
commitment to cybersecurity best practices and compliance standards. Organizations may
form collaborative networks, sharing anonymized threat data collected by honeypots. This
collective approach can enhance the overall cybersecurity posture by providing a broader
perspective on emerging threats.
Honeypots can be used as educational tools to simulate realistic attack scenarios for training
cybersecurity professionals. This hands-on experience can help individuals develop practical
skills in identifying and responding to security incidents.

10
DR. BABASAHEB AMBEDKAR TECHNOLOGICAL UNIVERSITY
DEPARTMENT OF ELECTRONICS AND TELECOMMUNICATION.
 A Seminar Report on “HONEYPOT”
__________________________________________________________________________________

CHAPTER 8
CONCLUSION

In conclusion, honeypots play a crucial role in cybersecurity by acting as decoy

systems that attract and detect malicious activities. By mimicking vulnerable
assets, they provide valuable insights into the tactics, techniques, and procedures
employed by attackers. The gathered data aids in enhancing overall security
measures, understanding emerging threats, and fortifying defenses. However,
deploying honeypots requires careful consideration of the organization's goals,
resources, and the potential risks involved. While honeypots offer significant
advantages, they should be part of a comprehensive cybersecurity strategy,
complementing other defense mechanisms to create a robust and resilient security
posture. Regular monitoring, analysis, and adaptation of honeypot configurations
are essential to ensure their effectiveness in the ever-evolving landscape of cyber
threats.

11
DR. BABASAHEB AMBEDKAR TECHNOLOGICAL UNIVERSITY
DEPARTMENT OF ELECTRONICS AND TELECOMMUNICATION.
 A Seminar Report on “HONEYPOT”
__________________________________________________________________________________

REFERENCE

1.Lance Spitzner , Honeypot Track Hacker, Addison-Wesley Professional

2. R. C. Joshi, Anjali Sardan, Honeypots A New Paradigm to Information Security,

12
DR. BABASAHEB AMBEDKAR TECHNOLOGICAL UNIVERSITY
DEPARTMENT OF ELECTRONICS AND TELECOMMUNICATION.