DS Journal of Cyber Security (DS-CYS)

Research Article | Open Access

Volume 2 | Issue 4 | Year 2024 | Article Id: CYS-V2I4P102 | DOI: https://doi.org/10.59232/CYS-V2I4P102

Analyzing Attacker’s Data through Honeypot

K. Dhivya, G.K. Dharan, T. Kowshik, N. Logha Surya, M. Mihaash Dharan

Received: 03 Oct 2024 | Revised: 09 Nov 2024 | Accepted: 26 Nov 2024 | Published: 21 Dec 2024

Citation

K. Dhivya, G.K. Dharan, T. Kowshik, N. Logha Surya, M. Mihaash Dharan. “Analyzing Attacker’s Data through Honeypot.” DS Journal of Cyber Security, vol. 2, no. 4, pp. 10-18, 2024.

Abstract

This paper details a honeypot deployment leveraging Cowrie on an Ubuntu system to detect and analyse malicious behaviour. Honeypots are specialized systems designed to mimic vulnerable network assets, attracting attackers and capturing their activities for analysis. In this setup, Cowrie, a medium-interaction honeypot, simulates an SSH and Telnet interface, allowing attackers to engage with the system. Cowrie captures each command entered, enabling a detailed examination of intrusion techniques. The combination of Honeyd and Cowrie offers a dual-layered approach, with Honeyd creating a network of virtual hosts and Cowrie focusing on interaction with attackers. This system logs unauthorized access attempts, records attacker commands, and analyses strategies, revealing valuable insights into emerging cyber threats. By studying these interactions, security professionals can enhance defensive strategies, anticipating tactics used in real-world attacks. The collected data aids in refining proactive security measures, fostering a robust security posture. The results underscore the significance of honeypots in cybersecurity research, making them a valuable tool in strengthening network defences against evolving threats.

Keywords

Honeypot, Intrusion Detection, Cowrie, Telnet, Botnets.
