International Journal of Computer Applications (0975 – 8887) Volume 180 – No.32, April 2018 18 Mitigating Computer Attacks in a Corporate Network using Honeypots: A Case Study of Ghana Education Service Promise R. Agbedanu Department of Computer Science, Kwame Nkrumah University of Science and Technology, Kumasi, Ghana J. B. Hayfron-Acquah Department of Computer Science, Kwame Nkrumah University of Science and Technology, Kumasi, Ghana F. Twum Department of Computer Science, Kwame Nkrumah University of Science and Technology, Kumasi, Ghana ABSTRACT Computer and network security is increasingly becoming not only more significant to industry players but also complex regarding mitigating sophisticated cyber-attacks. It is essential for developers, systems administrators, and web administrators to develop and manage systems that can stand the test of time as far as computer and network attacks are concerned. A hybrid honeypot was deployed in the network setup of the Ghana Education Service. The honeypot set up was made up of Valhalla honeypot and honeyd (low- interaction honeypots), Cowrie (medium-interaction honeypot), Windows and two Ubuntu OS implemented on real systems (high-interaction honeypot) and Snort. This research goes a step further to collect the attack on data and analyse them. The attacks that were launched against the honeypots deployed in the network were Port Scanning, SSH Brute Force attack, HTTP Authentication Brute Force attack, SQL Injection and Spam. It was discovered that the honeypots received 5061 attack connections from October to December 2017. Majority of the attack connections were TCP based, resulting in 2851 of the total attack connections. The results of this work also show that honeyd receive 36% of the total attacks launched against the honeypots. Keywords Computer security, Network Security, Honeypots. 1. INTRODUCTION Modern organizations such schools, banks, insurance companies and the security services, just to mention a few depend heavily on computers and its related applications to run their day to day services. In most of these organizations, computers are connected to form a network With the growing trend in network and cloud computing, security has become the major concern of every organization that wants system availability, integrity and confidentiality. 2. BACKGROUND On January 20, 2015, a Turkish was able to take down the official website of the Government of Ghana. Prior to this attack, the website of the Foreign Affairs Ministry was also hacked. During this attack nine other state agencies were also affected [1]. In that same year websites belonging to the Presbyterian University College, the University of Cape Coast, Kwame Nkrumah University of Science and Technology were also hacked [2]. 3. RELATED LITERATURE According to Lihet and Dadarlat [3], a honeypot is a fraudulent system that is deployed in a production environment to emulate a real system. Data found on a honeypot are not real, so when the honeypot is breached, it does not affect the actual network infrastructure. Honeypots can be grouped based on the level of interaction they provide, how they are implemented or where they are located. Using honeypots as decoys to collect attack data can serve as a countermeasure against malicious threats in web applications. The use of honeypots that emulate web-based services and applications can help in collecting malicious activities by attackers. This work proposes a model using honeypots that were deployed and evaluated in different web environments [4]. According to Zhai and Wang [5], the use of honeypots in a campus network may end up expanding the network space which in turn may serve as a delusionary mechanism thereby prevent attacks by delaying or distracting attackers. Kumar et al [6] proposed an integrated system that includes client and server honeypots. The server and the client honeypots are controlled by an active controller, which is a single centralized server. Their proposed systems have five functional components. These are, the client honeypots, server honeypots, honeypot controller, management and analysis server. The proposed framework utilizes honeypots to collect and analyse malware. It is difficult to immediately generate detection rules based on the information gathered from honeypots. This work presented an agent-based honeypot framework to help remove malicious activities and executable files on servers infected by a zero-day attacks right after the honey detects such attacks [7]. One of the most popular form of attack deployed against mobile devices are malwares. Deploying honeypots like “honeypot-to-go” as a basic low-interaction honeypot to detect malwares is one of the comprehensive ways to mitigate malware attacks against mobile devices [8]. In order to prevent SQL injections, a model implemented from Snort and a honeypot has been proposed to curb this kind of attack. Though there are several solutions to SQL injection attack like hashing, query transmission and header sanitization but they all have some drawbacks. IDS rules are not updated automatically. However, the proposed solution