Development of an Educational Data Acquisition System to Profile Cyber Attacks

A prototype course model is presented that is based on a live network-based honeypot to monitor network attacks. In this system a server supporting specific services that include SSH, HTTP, SMTP, and FTP is configured and set up behind a logging firewall. Advanced logging and reporting functions include login attempts, IP addresses, dates, times, and frequency of attempts. Students use the log files and employ filtering and data pattern analysis tools to analyze and profile the cyber attacks. The developed system constitutes a flexible data gathering platform that facilitates the classroom observations and experiments in the area of information security.