Using analysis of temporal variances within a honeypot dataset to better predict attack type probability

Seamus Dowling, Michael Schukat, Hugh Melvin

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

12 Citations (Scopus)

Abstract

Honeypots are deployed to capture cyber attack data for analysis of attacker behavior. This paper analyses a honeypot dataset to establish attack types and corresponding temporal patterns. It calculates the probability of each attack type occurring at a particular time of day and tests these probabilities with a random sample from the honeypot dataset. Attacks can take many forms and can come from different geographical sources. Temporal patterns in attacks are often observed due to the diurnal nature of computer usage and thus attack types captured on a honeypot will also reflect these patterns. We propose that it is possible to determine the probability of differing attack types occurring at certain times of the day. Understanding attack behavior informs the implementation of more robust security measures. The paper also proposes automating this process to create dynamic and adaptive honeypots. An adaptive honeypot that can modify its security levels, can increase the attack vector at different times of the day. This will improve data collection for analysis that ultimately will lead to better cyber defenses.

Original languageEnglish
Title of host publication2017 12th International Conference for Internet Technology and Secured Transactions, ICITST 2017
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages349-354
Number of pages6
ISBN (Electronic)9781908320933
DOIs
Publication statusPublished - 8 May 2018
Externally publishedYes
Event12th International Conference for Internet Technology and Secured Transactions, ICITST 2017 - Cambridge, United Kingdom
Duration: 11 Dec 201714 Dec 2017

Publication series

Name2017 12th International Conference for Internet Technology and Secured Transactions, ICITST 2017

Conference

Conference12th International Conference for Internet Technology and Secured Transactions, ICITST 2017
Country/TerritoryUnited Kingdom
CityCambridge
Period11/12/1714/12/17

Keywords

  • adaptive
  • honeypot
  • predictive
  • probability
  • temporal

Fingerprint

Dive into the research topics of 'Using analysis of temporal variances within a honeypot dataset to better predict attack type probability'. Together they form a unique fingerprint.

Cite this