Container-Based Honeypot Deployment for the Analysis of Malicious Activity | IEEE Conference Publication | IEEE Xplore

Abstract:

In today's world, the field of cyber security is a fast-paced, constantly changing environment. New threats are continuously emerging, and the ability to capture and effectively analyze them is paramount. In our work, we deploy multiple honeypot sensors in order to monitor and study the actions of attackers. The selected honeypots are Cowrie, Dionaea and Glastopf, presented as a Linux host, a Windows host and a Web application respectively. This gives us a diverse and broad environment that can attract attackers aiming at different attack surfaces. The sensors run on a containerization platform, Docker, which makes them lightweight, resilient and easy to deploy and manage. Our goal is the creation of a single dashboard that can present the captured data effectively in real time, at both macroscopic and microscopic levels. To this end, we utilize the Elastic Stack and enrich our data sources using VirusTotal's analysis engine. The proposed system ran for a three-month period and provided numerous data points, from which useful conclusions about the behavior and nature of the malicious users were drawn instantaneously.
Date of Conference: 23-25 October 2018
Date Added to IEEE Xplore: 07 February 2019
Conference Location: Thessaloniki, Greece