Honeypots are deployed to capture cyber attack data for analysis of attacker behavior. Understanding this behavior informs the implementation of more robust security measures. Attacks can take many forms and can come from different geographical sources. Temporal patterns in attacks are often observed due to the diurnal nature of computer usage, and thus attack types captured on a honeypot will also reflect these patterns. We propose that it is possible to determine the probability of differing attack types occurring at certain times of the day. This paper analyses a honeypot dataset to establish attack types and corresponding temporal patterns. It calculates the probability of each attack type occurring at a particular time of day and tests these probabilities with a random sample from the honeypot dataset. Finally, it proposes automating this process to create dynamic and adaptive honeypots. An adaptive honeypot that can modify its security levels can increase the attack vector at different times of the day. This will improve data collection for analysis that will ultimately lead to better cyber defenses.

Published in: World Congress on Internet Security (WorldCIS-2016)

  • Date of Conference: 14-16 November 2016
  • DOI: 10.2053/WorldCIS.2016.0004
  • ISBN: 978-1-908320-66-7
  • Conference Location: Heathrow Windsor Marriott Hotel, UK