Characterizing Honeypot-Captured Cyber-attacks: Statistical Framework and Case Study

Authors

  • Gulomov Sherzod Rajaboyevich PHD, Associate Professor, Head of the Department of "Information Security", Tashkent University of Information Technology named after Muhammad al-Khwarizmi, Uzbekistan
  • Salimova Husniya Rustamovna Master's degree, specialty "Information Security", Tashkent University of Information Technologies named after Muhammad al-Khwarizmi, Uzbekistan
  • Ganiyev Asadullo Mahmud o’g’li Bachelor degree, Faculty of Software engineering, Tashkent University of Information Technologies named after Muhammad al-Khwarizmi, Uzbekistan

Keywords:

Cyber security, cyber-attacks, stochastic cyber-attack process, statistical properties, long-range dependence (LRD), cyber-attack prediction, forensic analysis of honeypots, network

Abstract

We propose the first statistical framework for rigorously analyzing honeypot-captured cyber-attack data. The framework is built on the novel concept of stochastic cyber-attack process, a new kind of mathematical objects for describing cyber-attacks. To demonstrate use of the framework, we apply it to analyze a lowinteraction honeypot dataset, while noting that the framework can be equally applied to analyze high-interaction honeypot data that contains richer information about the attacks. The case study finds, for the first time, that Long-Range Dependence (LRD) is exhibited by honeypot-captured cyber-attacks. The case study confirms that by exploiting the statistical properties (LRD in this case), it is feasible to predict cyber-attacks (at least in terms of attack rate) with good accuracy. This kind of prediction capability would provide sufficient early-warning time for defenders to adjust their defense configurations or resource allocations. The idea of “gray-box” (rather than “black-box”) prediction is central to the utility of the statistical framework, and represents a significant step towards ultimately understanding (the degree of) the predictability of cyber-attacks. Attacks on the internet keep on increasing and it causes harm to our security system. In order to minimize this threat, it is necessary to have a security system that has the ability to detect zero-day attacks and block them. “Honeypot is the proactive defense technology, in which resources placed in a network with the aim to observe and capture new attacks”. This paper proposes a honeypot-based model for intrusion detection system (IDS) to obtain the best useful data about the attacker. The ability and the limitations of Honeypots were tested and aspects of it that need to be improved were identified. In the future, we aim to use this trend for early prevention so that pre-emptive action is taken before any unexpected harm to our security system.

Downloads

Published

2022-05-30

How to Cite

Rajaboyevich, G. S. ., Rustamovna, S. H. ., & o’g’li, G. A. M. . (2022). Characterizing Honeypot-Captured Cyber-attacks: Statistical Framework and Case Study. International Journal of Innovative Analyses and Emerging Technology, 2(5), 63–67. Retrieved from https://oajournals.net/index.php/ijiaet/article/view/1378

Issue

Section

Articles

Similar Articles

<< < 4 5 6 7 8 9 10 11 12 13 > >> 

You may also start an advanced similarity search for this article.