Abstract
For research purposes, a honeypot is a system that enables observing attacker’s actions in different phases of a cyberattack. In this study, a honeypot called Kippo was used to identify attack behavior in Finland. The gathered data consisted of dictionary attack login attempts, attacker location, and actions after successful login. From the data, attacker behavior was analyzed. Differentiating bots from human actors, linking scanning activity to further attack steps, and identifying malware and tracking malware sites were all done. The knowledge gained could be used to enhance an organization’s cyber resiliency by identifying attacker motivations and the tools used. Automating analysis of honeypot data enables the use of honeypots as sensors in a larger security system. Implementation of this was left for future research.
Cite
CITATION STYLE
Kemppainen, S., & Kovanen, T. (2018). Honeypot utilization for network intrusion detection. In Intelligent Systems, Control and Automation: Science and Engineering (Vol. 93, pp. 249–270). Springer Netherlands. https://doi.org/10.1007/978-3-319-75307-2_15
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
