![]() ![]() Honeypots are a defensive cyber security countermeasure used to gather data on intruder activities. The resulting annotations can help cybersecurity defenders better understand the effectiveness of the Cowrie artefacts and how they can be used deceptively. This study pursues to develop an understanding about its capabilities, and how these capabilities can be used to bait attackers. Therefore, there is a need for some type of infrastructure that can interpret these basic deception techniques and tools, and later developing them into feasible cybersecurity defence mechanisms. However, this process is complex, because there are no standard frameworks to interpret the artefacts used by the Cowrie honeypot and how these artefacts link to the type of deceptiveness presented to the cyber-attacker. To increase Cowrie’s deceptive capabilities, it is essential to understand, modify, and leverage all capabilities of the honeypot. However, the current issue with the default Cowrie configuration is that it is easily detected by adversaries using automated scripts and tools. ![]() Cowrie is a medium-interaction secure shell (SSH) and Telnet honeypot intended to log brute force and shell interaction attacks. ![]() A varied collection of open source honeypots such as Cowrie are available today, which can be easily downloaded and deployed within minutes-with default settings. The current technology is advancing rapidly with the use of virtualisation, and most recently, virtual containers, the deployment of honeypots has become increasingly easier. Honeypots are progressively becoming a fundamental cybersecurity tool to detect, prevent and record new threats and attack methodologies used by attackers to penetrate systems. The research suggests there is wide use of automated password tools and wordlists in attempts to gain access to the SSH honeypots, there are also a wide range of account types being probed. Automated password guessing using wordlists is one technique employed by cyber criminals in attempts to gain access to devices on the Internet. Although all three honeypots are have the same configuration settings and are located on the same IPv4 /24 subnet work space, there is a variation between the numbers of activities recorded on each honeypots. The analysis in this paper focuses on the techniques used to attempt to gain access to these systems by attacking entities. The data from the honeypots were collected during the period 17th July 2012 and 26th November 2013, a total of 497 active day periods. The honeypots used the same base software and hardware configurations. The honeypots were located on the same /24 IPv4 network and configured as identically as possible. This paper is an investigation focusing on activities detected by three SSH honeypots that utilise Kippo honeypot software. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |