Home > Published Issues > 2013 > Volume 8, No. 11, November 2013 >

Honeypots Aiding Network Forensics: Challenges and Notions

Qassim Nasir and Zahraa A. Al-Mousa
Electrical and Computer Engineering, University of Sharjah, UAE

Abstract—Communications over the Internet are under serious risks as attacks are increasing day after day.  Network forensics is the process of investigation such attacks through analyzing network data and events. Many challenges are facing investigators due to the rapid growing of network scale and intruders’ skills. Honeypots are computer traps that are meant to be compromised to attract hackers and monitor their strategies and tools. Using honeypots provides a cost-effective solution to increase the security of an organization. Monitoring malicious traffic is useful for network forensics and intrusion detection systems. This paper focused on studying network forensics methodologies and tools in addition to developing a well understanding of honeypots terminologies and their value in network forensics. Honeypot tools differ in several aspects discussed here in an objective comparison. Moreover, Honeypots efficiency is evaluated versus network intrusion detection and prevention system (IDPS). Data received by traditional network tools can be correlated with honeypots captures to obtain more valuable evidence and clues. The study also provides a literature review of previous researches on honeypots aid to network forensics in addition to multiple recommendations to overcome honeypot limitations.
Index Terms—Network Forensics, Honeypots, Intrusion detection and prevention system

Cite: Qassim Nasir and Zahraa A. Al-Mousa, "Honeypots Aiding Network Forensics: Challenges and Notions," Journal of Communications, vol. 8, no. 11, pp. 700-707, 2013. doi: 10.12720/jcm.8.11.700-707