Integration of Low Interaction Honeypot and ELK Stack as Attack Detection Systems on Servers

Abstract

The high need for information technology that can be accessed anywhere and anytime indirectly opens a big opportunity for irresponsible parties to attack and destroy the system. The server farm is one of the targets most hunted by attackers, intending to damage, and even retrieving victim data. One of the efforts to deal with this problem is to add server security by using honeypot. The existence of a honeypot is one of the efforts to prevent system hacking by creating a fake server to divert attackers access. In its application, the logs generated from the honeypot are only letters and numbers, making it difficult to analyze the logs. It became a problem it will being a lot of log data being processed. To make it easier for administrators in analyzing logs, a visualization system using the ELK Stack is proposed. Honeypot and ELK Stack integration can be a security system solution in detecting attacks while providing visualization to administrators. Five testing schemes were carried out to provide a comparative study between the low interaction honeypot Cowrie and Dionaea. Cowrie delivers a better performance detection system (real-time) compared to the detection system offered by Dionaea, and the average delay time is 3.75 seconds, while ELK managed to provide better monitoring results to administrators through its visualization.