Thread: Honeypot as my Research Thesis

  1. #1
    Junior Member | Join Date: Dec 2004 | Posts: 17

    Honeypot as my Research Thesis

    I am doing research on honeypots and am considering taking it as the topic for my master's research thesis. I have read through articles all about honeypots/honeynets. I have a few questions related to it...

    Let's say I take Building & Implementing a Honeynet as my research thesis topic, and I implement it with honeypot tools that are available now on the market (honeyd, honeywall, KFSensor, Specter, etc.), and I build a network, configure some script files to mimic OSes & services, bind it with a sensor & IDS, capture log files, and analyze the logs with a report (attacker motives...)

    Do you think that will be a good thesis for a master's degree? University requirements for a thesis are more based on the theoretical... or, they expect you to come up with a brand new idea/concept in the area you research... if not, when they find something similar or the idea actually exists, they will consider it plagiarism...

    I saw some projects building a honeypot in a virtual machine (VMware) and considering it a honeynet framework on a single machine (& I found the way to detect those kinds of virtual honeypots)... I'm looking for something bigger & high interaction...

    How about if I add some new element like wireless (FakeAP, or use tcpreplay to record the traffic and replay it, or write a script file to mimic the wireless traffic, something like that)... or STOP spam with a honeypot... BUT still, these ideas have been found and explored...

    I am in doubt about how to choose Honeypot as my title... I'm a fan of honeypots... although I'm still new to it... I would like to get some suggestions...

    Thz... good day...
    --=|2 be da happy children 0f da Mother Nature, 2 be da Best among da Best!|=--

    Any Sufficiently AdvanceD TechnologG is InDistinguishable from MagiC. - Arthur C. Clarke

  2. #2
    Senior Member z31200n3 | Join Date: Jan 2004 | Location: Bellevegas | Posts: 102

    I don't know much about honeypots, but I do have an opinion about what you might want to do. If you are having second thoughts and doubts about your project / master's thesis, I would say scrap it, and choose something that (1) you are totally positive could yield the results you are looking for, (2) could not be considered to be plagiarism, and (3) helps you learn something in the process.


    just my $0.02


    -z3

  3. #3
    Just a Virtualized Geek MrLinus | Join Date: Sep 2001 | Location: Redondo Beach, CA | Posts: 7,323

    Do you think that will be a good thesis for a master's degree? University requirements for a thesis are more based on the theoretical... or, they expect you to come up with a brand new idea/concept in the area you research... if not, when they find something similar or the idea actually exists, they will consider it plagiarism...
    Speak to your advisor as to the full scope of what you want to do. They should be able to guide you in the appropriate direction. I don't think it's a bad idea to do but you need to figure out what research you are adding to the community. You may be able to take an existing idea and add to it. Remember that if you use an existing idea you have to identify the original source (this avoids the plagiarism issue).

    How about if I add some new element like wireless (FakeAP, or use tcpreplay to record the traffic and replay it, or write a script file to mimic the wireless traffic, something like that)... or STOP spam with a honeypot... BUT still, these ideas have been found and explored...
    To some degree these have been done. But perhaps you might create a "better mousetrap".

    IMO, there is one idea that hasn't fully been explored and that's the idea of a honeypot truly detecting and differentiating, AFAIK, malicious activity versus non-malicious activity on the fly (being able to have decent AI to know the difference). Perhaps that's one avenue.

    What about a honeypot that works in the P2P environment, catching those pirating software and such? (a random idea).

    choose something that (1) you are totally positive could yield the results you are looking for, (2) could not be considered to be plagiarism, and (3) helps you learn something in the process.
    I would think that part of doing research is to discover something new so why would you want a project to "yield the results you are looking for"? I would think that this kind of thinking would cloud results and make it "unacceptable" if it doesn't match.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  4. #4
    Senior Member | Join Date: Jul 2003 | Posts: 634

    This is just an idea, but it could help you overcome some of your concerns regarding the theoretical side of things.

    Why not look into implementing artificial intelligence within your honeypot? Like MsMittens says, the differentiation between malicious and non-malicious activity is something that hasn't really been done in full.

    I suppose the beauty of implementing AI from your point of view is that you'll be able to use as much or as little theoretical stuff as you like. AI is wrapped up in maths, so if that is what floats your supervisor's boat then you could of course insert relevant mathematical modelling into it?

    Let us know how it goes? I'd be keen to read your thesis,

    i2c

  5. #5
    Junior Member | Join Date: Dec 2004 | Posts: 17

    Ohh... thanks z31200n3, MsMittens and i2c... for your opinions...

    Well, yes, I think I need some new concept like MsMittens' suggestion... erm... implement AI into the honeypot... I think it could function... perhaps I can use AI to distinguish malicious / non-malicious activity, let it learn, and use a neural network to forecast or predict new unrecorded attacks (zero-day exploits or new worms...), then I need to get back to work on MATLAB... hope it will help.. ^_^

    I think I will carry on with this as my thesis title (because I need to submit the thesis proposal soon)... I think I will combine the most useful features of all the honeypots/honeynets available... including wireless... make my honeynet available with multiple OSes... fix up some honeypot vulnerabilities (I can foresee people have now studied anti-honeypot techniques and there are methods to identify honeypots)... maybe a little bit of a forensic element in it... as well as AI + ANN...

    Wish me luck, buddy... once again, thanks for the comments...

  6. #6
    Senior Member | Join Date: Jul 2003 | Posts: 634

    Hey, out of interest, what are you planning to do in MATLAB? The AI / ANN using their toolboxes?

    I'm just interested because I use MATLAB all the time for my dissertation (which is unrelated to computer security) and I always enjoy seeing MATLAB used in different ways.

    cheers

    i2c
