Human vs Bots: Detecting Human Attacks in a Honeypot Environment

Abstract

The increase in the automated attacks has motivated security researchers to focus on identifying patterns of attacker to safeguard the system. Humans have some basic behavioral characteristics and limitations, which can be identified and used to distinguish them from automated attackers. The network log data collected from a Honeypot uncovers such traits which are otherwise not noticeable. The paper analyses a SSH-based Honeypot deployed over a period of 423 days to identify human behavior traits which can essentially distinguish an automated attacker and a human attacker.