Nation-Wide Rapid Rollout of Honeypot Threat Sensors
The purpose of the project is to create a nationwide network of honeypot sensors that generates reliable and actionable threat intelligence, which can be analysed and shared with various organisations for threat prevention and proactive threat detection. This deployment project is funded by MeitY. The main partner and user agency is the Indian Computer Emergency Response Team (CERT-In), a national nodal agency for Cyber Security under MeitY, which shall obtain the Cyber Threat Intelligence generated from this project and utilise it to secure the cyber ecosystem of the country as per the mandate of the National Cyber Coordination Centre (NCCC). The Cyber Threat Intelligence will contain evidence-based knowledge, including context, and indicators in actionable formats that will be directly utilised by any security solution.
The project envisages active involvement of Government Organisations, State Data Centres (SDC), Public Sector Undertakings (PSU), Banks, Internet Service Providers (ISPs), and R&D and Academic Institutions. Private sector organisations providing utility or critical services shall also be covered.
Under this project, seven hundred fifty (750) dynamically configurable honeypot sensors developed by C-DAC, a number that also includes the existing 60 locations, will be deployed at the premises of the participating organisations/institutes, preferably in the IP subnet range of the participating organisation/institute. This deployment will capture the attacks targeting the organisational networks, which attackers launch to scan, discover and exploit potential vulnerabilities in the publicly exposed services. The system will also be able to capture malware binaries as a result of the successful exploitation of vulnerabilities implemented on the honeypot sensor.
Use Cases
- Login Page of Threat Intelligence System.
- Health Monitoring of Honeypots.
- Vulnerability Listing, Port/Service emulated on Honeypot (e.g., CVE Numbers).
- Deployment of Honeypots’ images (Dynamic Configuration of Honeypot images through TIS).
Salient Features
- Cyber Threat Monitoring System: a network of honeypots as threat-capturing sensors and a central collection & analysis facility.
- Big data scalable architecture for attack data storage and analysis.
- Automated cyber threat intelligence generation.
- Cyber threat report generation.
Technical Specifications
- Creation of a nationwide network of honeypot sensors.
- Creation of a sustainable, scalable threat intelligence information system in the country.
- Rapid deployment of honeypot sensors.
- Continuous capturing of targeted cyber-attacks.
- Automated analysis of threat information.
- Generation of actionable threat intelligence.
Chief Investigator Details
Sh. Rakesh Kumar Sehgal
Senior Director & Head, Cyber Security Technology Division
eMail: rks[at]cdac[dot]
C-DAC, A-34, Phase VIII, Industrial Area, Mohali – 160071
Phone No.: 0172-6619000