Honeypots on AAU's Network
Author
Mahmoud, Rasmi-Vlad
Term
4th term
Education
Publication year
2018
Submitted on
2018-06-06
Pages
79
Abstract
Aalborg University operates a large and complex network where assessing threats and identifying the most exposed systems is challenging. This thesis examines how container-based honeypots can be integrated into AAU’s network to observe attack activity and support security monitoring. The work includes a review of current honeypot technologies and an information security risk assessment to establish context and identify attacker groups and motives. The university’s network structure is analyzed to select honeypot placements that yield meaningful insights into probed systems. The implementation uses Docker on a university-provided virtual private server, with honeypots running as containers on a subnet located outside the university firewall to avoid filtering traffic. Each container is assigned a static IP address reachable from the Internet, and interactions are captured in per-container log files for later analysis. Acting as decoys, the honeypots attract attacks and provide data for monitoring and pattern extraction; detailed quantitative findings are beyond the scope of this excerpt.
[This summary has been generated with the help of AI directly from the project (PDF)]
