Abstract

Understanding the cyber threats to a network is challenging yet rewarding, as it allows an organisation to prevent a potential attack. Numerous efforts have been made to predict cyber threats before they occur. To build a threat intelligence framework, an organisation must understand attack data collected from network events and analyse it to identify cyber attack artefacts such as IP address, domain name, tools and techniques, username and password, and the geographic location of the attacker, which can be used to understand the nature of an attack on a system or network. However, it is very difficult or dangerous to collect and analyse live data from a production system. Honeypot technology is well known for mimicking a real system while collecting actual attack data, in near real time, in order to monitor the activity on the network. This paper proposes a threat intelligence approach that analyses attack data collected using a cloud-based web service in order to support active threat intelligence.

Highlights

  • Cyber attacks are continuously growing and becoming significant concerns for all types of organisations

  • The idea of an Indicator of Compromise is that it identifies network-related components, such as an IP address, an open port or a domain address, that could be weaknesses of a network during a cyber attack

  • In our Kippo honeypot data, we have identified a number of brute force attacks


Summary

Introduction

Cyber attacks are continuously growing and becoming significant concerns for all types of organisations. Organisations are putting several protection measures in place, including regular penetration tests, intrusion detection system (IDS) and intrusion prevention system (IPS) devices, real-time monitoring systems, firewalls, etc., to prevent cyber attacks. These systems are attached to the organisation's production system. Cyber threats can also be identified using honeypot data collection and analysis, which gives an understanding of the nature of a cyber attack. To achieve this goal, we have deployed cloud honeypots as services to find cyber-attack-related events through data analysis using Elasticsearch. The result demonstrates that honeypot data analysis can be used in cyber threat intelligence to support network protection for organisations.
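As an added example, not code from the paper, the block below parses constructed log lines in the shape of Kippo's text log, aggregates the login attempts per source IP into the indicator fields the abstract lists (attacker IP, username and password tried), and flags a source as brute force once its failed attempts reach a threshold. The sample lines, the exact log line shape and the threshold of 3 are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in the shape of Kippo's text log (not data from the paper).
SAMPLE_LOG = """\
2016-03-01 10:02:11+0000 [SSHService ssh-userauth on HoneyPotTransport,3,203.0.113.7] login attempt [root/123456] failed
2016-03-01 10:02:13+0000 [SSHService ssh-userauth on HoneyPotTransport,3,203.0.113.7] login attempt [root/password] failed
2016-03-01 10:02:15+0000 [SSHService ssh-userauth on HoneyPotTransport,3,203.0.113.7] login attempt [admin/admin] failed
2016-03-01 10:02:17+0000 [SSHService ssh-userauth on HoneyPotTransport,3,203.0.113.7] login attempt [root/toor] failed
2016-03-01 10:02:19+0000 [SSHService ssh-userauth on HoneyPotTransport,3,203.0.113.7] login attempt [root/qwerty] succeeded
2016-03-01 10:05:40+0000 [SSHService ssh-userauth on HoneyPotTransport,4,198.51.100.22] login attempt [pi/raspberry] failed
2016-03-01 10:06:02+0000 [HoneyPotTransport,5,192.0.2.9] connection lost
"""

# Assumed line shape: timestamp, transport id and source IP, then "[user/password] failed|succeeded".
LOGIN_RE = re.compile(
    r"^(?P<ts>\S+ \S+) \[SSHService ssh-userauth on HoneyPotTransport,\d+,(?P<ip>[\d.]+)\] "
    r"login attempt \[(?P<user>[^/\]]*)/(?P<pw>[^\]]*)\] (?P<result>failed|succeeded)$"
)

def parse_login_attempts(text):
    """Yield one dict (ts, ip, user, pw, result) per login attempt; other lines are ignored."""
    for line in text.splitlines():
        m = LOGIN_RE.match(line)
        if m:
            yield m.groupdict()

def summarise_by_source(text, threshold=3):
    """Aggregate attempts per source IP and flag brute force when failures reach the threshold."""
    per_ip = defaultdict(lambda: {"failed": 0, "succeeded": 0, "credentials": set()})
    for attempt in parse_login_attempts(text):
        entry = per_ip[attempt["ip"]]
        entry[attempt["result"]] += 1
        entry["credentials"].add((attempt["user"], attempt["pw"]))
    return {
        ip: {
            "failed": e["failed"],
            "succeeded": e["succeeded"],
            "credentials": sorted(e["credentials"]),
            "brute_force": e["failed"] >= threshold,
        }
        for ip, e in per_ip.items()
    }

if __name__ == "__main__":
    for ip, info in summarise_by_source(SAMPLE_LOG).items():
        print(ip, info)
```

The per-IP summary is the kind of record that can then be indexed for search and aggregation across the honeypot fleet.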

Related work
Pyramid of pain
Hunting maturity model
Matrix of indicator of compromise
Honeypots
Threat intelligence
Problem analysis
Experiment setup
Findings
Result and discussion
Conclusion
