Implementation of Effective Dynamic Clustering Algorithm on Live Honeypot Data Set

A Honeynet is a highly controlled network that interacts with attackers in cyber space to gather the attack data, to collect intelligence on attack techniques and behaviors of the black hat community. Other security devices like Firewalls, IDS etc are usually based on signatures and there has been large amount work done in the field of signature based detection. With the consideration of unknown attack detection, intrusion detection is becoming not useful to detect these kinds of attacks spreading in the network and intrusion detection based attack detection is becoming a very challenging process. Honeynets are enabling us in providing the deep understanding of attacks patterns which are bypassed by the network intrusion detection system. Therefore the Honeynets are becoming very useful to collect the unknown attacks. But before the deployment of Honeynets in the network, one should have a deeper understating of what honeynet can do and what are the risks involved in deployment. There should be clear understanding of data control mechanism working properly to reduce the risk of compromising the honeynet system to other non-honeynet systems. In this research work, with the consideration of many problems in current traditional security resource applications International Journal of Enterprise Computing and Business Systems ISSN (Online) : 2230-8849 Volume 4 Issue 2 July 2014 International Manuscript ID : ISSN22308849-V4I2M5-07202 and the consideration of the research on Honeynet Technology, We have implemented of port Density Based Dynamic Clustering algorithm on attack data collected on Honeypots which infer the requirement of placing honeypots in any organizational network. A categorization of attack data such as portwise distribution, top IP addresses are being presented which is helpful for any system and network administrators to put control list in the network for blocking of those ports and IP addresses.