XB-Pot: Revealing Honeypot-based Attacker’s Behaviors

Djap, Ryandy; Lim, Charles; Silaen, Kalpin Erlangga; Yusuf, Andi

doi:10.1109/icoict52021.2021.9527422

Cited by 13 publications

(2 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Due to the potency of Honeypot systems in deceptively engaging attack actors and trapping and logging their information, (such as network and system activities, and submitted and downloaded malicious software artifacts) for further analysis work, the Honeypot technology has received great attention from the research community (and practitioners alike) and numerous empirical studies focusing on detection of network intrusive attacks through visual analysis of captured Honeypot traffic data have been conducted [8] [9]. Consequently, there have been articles [20] [42] [43] presenting overviews on the typical Honeypot traffic data analysis metrics and methods.…”

Section: Related Survey Studiesmentioning

confidence: 99%

“…We limit the focus of our studies to Honeypot server intrusion detection since the field of network intrusion detection is vast. In addition, the Honeypot server is a fast-evolving deception-based network security defense mechanism which has been observed to be applied in recent times in numerous security types of research for the collection and analysis of network intrusive attack data [8] [9].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Systematic Review of Graphical Visual Methods in Honeypot Attack Data Analysis

Ikuomenisan¹,

Morgan²

2022

JIS

View full text Add to dashboard Cite

Mitigating increasing cyberattack incidents may require strategies such as reinforcing organizations' networks with Honeypots and effectively analyzing attack traffic for detection of zero-day attacks and vulnerabilities. To effectively detect and mitigate cyberattacks, both computerized and visual analyses are typically required. However, most security analysts are not adequately trained in visualization principles and/or methods, which is required for effective visual perception of useful attack information hidden in attack data. Additionally, Honeypot has proven useful in cyberattack research, but no studies have comprehensively investigated visualization practices in the field. In this paper, we reviewed visualization practices and methods commonly used in the discovery and communication of attack patterns based on Honeypot network traffic data. Using the PRISMA methodology, we identified and screened 218 papers and evaluated only 37 papers having a high impact. Most Honeypot papers conducted summary statistics of Honeypot data based on static data metrics such as IP address, port, and packet size. They visually analyzed Honeypot attack data using simple graphical methods (such as line, bar, and pie charts) that tend to hide useful attack information. Furthermore, only a few papers conducted extended attack analysis, and commonly visualized attack data using scatter and linear plots. Papers rarely included simple yet sophisticated graphical methods, such as box plots and histograms, which allow for critical evaluation of analysis results. While a significant number of automated visualization tools have incorporated visualization standards by default, the construction of effective and expressive graphical methods for easy pattern discovery and explainable insights still requires applied knowledge and skill of visualization principles and tools, and occasionally, an interdisciplinary collaboration with peers. We, therefore, suggest the need, going forward, for non-classical graphical methods for visualizing attack patterns and communicating analysis results. We also recommend training investigators in How to cite this paper: Ikuomenisan, G.

show abstract

Section: Related Survey Studiesmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%