In the cybersecurity world, the concept of a honeypot is generally referred to as trap systems that have real system behaviors, intentionally leave a security gap, and aim to collect information about cybercriminals who want to access them. It is a computer system that sets itself as a target to attract cyberattacks like bait. It is used to imitate a target such as cyberattackers and to learn about attack attempts, ways of working, or to distract them from other targets. In this study, a VoIP-based honeypot was used to determine the profiles of cyberattacks and attackers. A network environment was created using a low-interaction honeypot to analyze the behavior of cyberattackers and identify the services frequently preferred by these individuals. The honeypot in the network environment was monitored for a period of 90 days. 105,308 events were collected regarding protocols such as Telnet, SIP, SSH, SMB, and HTTP. According to the results obtained, the proposed method performed a detailed analysis of the services from which cyberattacks came and the behaviors of the people who carried out these attacks. In addition, the highest level of understanding of user interaction was achieved thanks to the VoIP-based honeypot.
Read full abstract