Characterizing Honeypot-Captured Cyber-attacks: Statistical Framework and Case Study

dc.creator: Rajaboyevich, Gulomov Sherzod
dc.creator: Rustamovna, Salimova Husniya
dc.creator: o’g’li, Ganiyev Asadullo Mahmud
dc.date: 2022-05-30
dc.date.accessioned: 2023-08-21T07:42:14Z
dc.date.available: 2023-08-21T07:42:14Z
dc.description: We propose the first statistical framework for rigorously analyzing honeypot-captured cyber-attack data. The framework is built on the novel concept of stochastic cyber-attack process, a new kind of mathematical object for describing cyber-attacks. To demonstrate use of the framework, we apply it to analyze a low-interaction honeypot dataset, while noting that the framework can be equally applied to analyze high-interaction honeypot data that contains richer information about the attacks. The case study finds, for the first time, that Long-Range Dependence (LRD) is exhibited by honeypot-captured cyber-attacks. The case study confirms that by exploiting the statistical properties (LRD in this case), it is feasible to predict cyber-attacks (at least in terms of attack rate) with good accuracy. This kind of prediction capability would provide sufficient early-warning time for defenders to adjust their defense configurations or resource allocations. The idea of “gray-box” (rather than “black-box”) prediction is central to the utility of the statistical framework, and represents a significant step towards ultimately understanding (the degree of) the predictability of cyber-attacks. Attacks on the internet keep on increasing, and this causes harm to our security system. In order to minimize this threat, it is necessary to have a security system that has the ability to detect zero-day attacks and block them. “Honeypot is the proactive defense technology, in which resources placed in a network with the aim to observe and capture new attacks”. This paper proposes a honeypot-based model for intrusion detection system (IDS) to obtain the best useful data about the attacker. The ability and the limitations of Honeypots were tested and aspects of it that need to be improved were identified. In the future, we aim to use this trend for early prevention so that pre-emptive action is taken before any unexpected harm to our security system. [en-US]
dc.format: application/pdf
dc.identifier: https://openaccessjournals.eu/index.php/ijiaet/article/view/1378
dc.identifier.uri: http://dspace.umsida.ac.id/handle/123456789/13892
dc.language: eng
dc.publisher: Open Access Journals [en-US]
dc.relation: https://openaccessjournals.eu/index.php/ijiaet/article/view/1378/1380
dc.rights: Copyright (c) 2022 International Journal of Innovative Analyses and Emerging Technology [en-US]
dc.source: International Journal of Innovative Analyses and Emerging Technology; Vol. 2 No. 5 (2022): International Journal of Innovative Analyses and Emerging Technology (2792-4025); 63-67 [en-US]
dc.source: 2792-4025
dc.subject: Cyber security [en-US]
dc.subject: cyber-attacks [en-US]
dc.subject: stochastic cyber-attack process [en-US]
dc.subject: statistical properties [en-US]
dc.subject: long-range dependence (LRD) [en-US]
dc.subject: cyber-attack prediction [en-US]
dc.subject: forensic analysis of honeypots [en-US]
dc.subject: network [en-US]
dc.title: Characterizing Honeypot-Captured Cyber-attacks: Statistical Framework and Case Study [en-US]
dc.type: info:eu-repo/semantics/article
dc.type: info:eu-repo/semantics/publishedVersion
dc.type: Peer-reviewed Article [en-US]