A STUDY ON LOCAL NETWORK FOR DETECTION OF ATTACK USING HONEYNET

In this paper we describes the honeynet that analysis network traffic for detection of attack. As per Wikipedia “a honeynet is a network, placed behind a reverse firewall that captures all inbound and outbound traffic. The reverse firewall limits the amount of malicious traffic that can leave the honeynet. The data is contained, captured, and controlled by honeynet. A user traffic profile is used to filter the normal traffic that is generated by the host. Remaining suspicious traffic is study to detailed analysis, nature of detailed analysis is derived from characterization of worm traffic. It is designed to detect unknown new attacks from the enterprise network. The high bandwidth usages on these networks make it very difficult to identify malicious traffic within the enterprise network. We propose that a Honeynet can be used to assist the system administrator in identifying malicious traffic on the enterprise network. In particularly we focus on issue of handling unknown traffic pattern with in our approach. Our assumption is that being to track the entire malware execution of compromised system of the attacker through there we can improve the security for our enterprise network.