Cowrie Honeypot Data Analysis and Predicting the Directory Traverser Pattern during the Attack

Sajeel Mehta, D. Pawade, Yash Nayyar, Irfan A. Siddavatam, Anoop Tiwart, A. Dalvi
Published in: 2021 International Conference on Innovative Computing, Intelligent Communication and Smart Electrical Systems (ICSES), pp. 1-4
Publication date: 2021-09-24
DOI: https://doi.org/10.1109/ICSES52305.2021.9633881
Citations: 3

Abstract

Honeypots are a recent innovation in intrusion detection technology. They are traps designed to entrap potential intruders and log their activities. The main objectives of such systems are to collect information about intruders, divert them from accessing critical systems, and keep them on the system for some time so that their behavior can be observed. We used the Cowrie honeypot to achieve these objectives. A log of intruder activities is maintained, then processed and graphically visualized using ELK. This intruder activity data is useful for understanding intruder behavior so that appropriate safety measures can be employed against it. As an extension to the data visualization, we also implemented a probabilistic approach to predict the directory traverser pattern of the intruder. This helps us understand the next traverser step in advance so that we can take precautionary measures to avoid it.