6533b82cfe1ef96bd128fec3

RESEARCH PRODUCT

Honeypot Utilization for Network Intrusion Detection

Simo KemppainenTiina Kovanen

subject

Software_OPERATINGSYSTEMSDictionary attackHoneypotComputer science020206 networking & telecommunications02 engineering and technology021001 nanoscience & nanotechnologycomputer.software_genreComputer securityLoginComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS0202 electrical engineering electronic engineering information engineeringMalwareNetwork intrusion detection0210 nano-technologycomputerSecurity system

description

For research purposes, a honeypot is a system that enables observing attacker’s actions in different phases of a cyberattack. In this study, a honeypot called Kippo was used to identify attack behavior in Finland. The gathered data consisted of dictionary attack login attempts, attacker location, and actions after successful login. From the data, attacker behavior was analyzed. Differentiating bots from human actors, linking scanning activity to further attack steps, and identifying malware and tracking malware sites were all done. The knowledge gained could be used to enhance an organization’s cyber resiliency by identifying attacker motivations and the tools used. Automating analysis of honeypot data enables the use of honeypots as sensors in a larger security system. Implementation of this was left for future research.

yearjournalcountryeditionlanguage
2018-01-01
https://doi.org/10.1007/978-3-319-75307-2_15