
Honeypot Utilization for Network Intrusion Detection


Abstract

For research purposes, a honeypot is a system that enables observing an attacker’s actions in the different phases of a cyberattack. In this study, a honeypot called Kippo was used to identify attack behavior in Finland. The gathered data consisted of dictionary attack login attempts, attacker location, and actions after successful login. Attacker behavior was analyzed from this data: bots were differentiated from human actors, scanning activity was linked to further attack steps, and malware was identified and malware sites were tracked. The knowledge gained could be used to enhance an organization’s cyber resiliency by identifying attacker motivations and the tools used. Automating the analysis of honeypot data enables the use of honeypots as sensors in a larger security system; implementation of this was left for future research.



Author information

Corresponding author

Correspondence to Simo Kemppainen.

Copyright information

© 2018 Springer International Publishing AG, part of Springer Nature

About this chapter

Cite this chapter

Kemppainen, S., Kovanen, T. (2018). Honeypot Utilization for Network Intrusion Detection. In: Lehto, M., Neittaanmäki, P. (eds) Cyber Security: Power and Technology. Intelligent Systems, Control and Automation: Science and Engineering, vol 93. Springer, Cham. https://doi.org/10.1007/978-3-319-75307-2_15

  • DOI: https://doi.org/10.1007/978-3-319-75307-2_15

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-75306-5

  • Online ISBN: 978-3-319-75307-2

  • eBook Packages: Engineering, Engineering (R0)
