Reducing Honeypot Log Storage Capacity Consumption – Cron Job with Perl-Script Approach

• Main Authors: Iman Hazwam Bin Abd Halim, Nur Muhammad Irfan bin Abu Hassan, Tajul Rosli Razak, Muhammad Nabil Fikri bin Jamaluddin, Mohammad Hafiz bin Ismail
• Format: Article
• Language: English
• Published: Faculty of Computer and Mathematical Sciences, Universiti Teknologi MARA Perlis 2019-11-01
• Series: Journal of Computing Research and Innovation
• Subjects: honeypot; ids; linux; perl; security
• Online Access: https://crinn.conferencehunter.com/index.php/jcrinn/article/view/114

Honeypot is a decoy computer system that is used to attract and monitor hackers’ activities in the network. The honeypot aims to collect information from the hackers in order to create a more secure system. However, the log file generated by honeypot can grow very large when heavy traffic occurred in the system, such as Distributed Denial of Services’ (DDoS) attack. The DDoS possesses difficulty when it is being processed and analyzed by the network administrator as it required a lot of time and resources. Therefore, in this paper, we propose an approach to decrease the log size that is by using a Cron job that will run with a Perl-script. This approach parses the collected data into the database periodically to decrease the log size. Three DDoS attack cases were conducted in this study to show the increasing of the log size by sending a different amount of packet per second for 8 hours in each case. The results have shown that by utilizing the Cron job with Perl-script, the log size has been significantly reduced, the disk space used in the system has also decreased. Consequently, this approach capable of speeding up the process of parsing the log file into the database and thus, improving the overall system performance. This study contributes to providing a pathway in reducing honeypot log storage using the Cron job with Perl-Script.