Scalable Honeypot Monitoring and Analytics
School of Science
Master's thesis
Unless otherwise stated, all rights belong to the author. You may download, display and print this publication for your own personal use. Commercial use is prohibited.
Author
Date
2018-08-20
Department
Major/Subject
Security and Cloud Computing
Mcode
SCI3084
Degree programme
Master’s Programme in Computer, Communication and Information Sciences
Language
en
Pages
53
Series
Abstract
Honeypot systems with a large number of instances pose new challenges in terms of monitoring and analytics. They produce a significant amount of data and require the analyst to monitor every new honeypot instance in the system. Specifically, current approaches require each honeypot instance to be monitored and analysed individually. Therefore, these cannot scale to support scenarios in which a large number of honeypots are used. Furthermore, amalgamating data from a large number of honeypots presents new opportunities to analyse trends. This thesis proposes a scalable monitoring and analytics system that is designed to address this challenge. It consists of three components: monitoring, analysis and visualisation. The system automatically monitors each new honeypot, reduces the amount of collected data and stores it centrally. All gathered data is analysed in order to identify patterns of attacker behaviour. Visualisation conveniently displays the analysed data to an analyst. A user study was performed to evaluate the system. It shows that the solution has met the requirements posed to a scalable monitoring and analytics system. In particular, the monitoring and analytics can be implemented using only open-source software and does not noticeably impact the performance of individual honeypots or the scalability of the overall honeypot system. The thesis also discusses several variations and extensions, including detection of new patterns, and the possibility of providing feedback when used in an educational setting, monitoring attacks by information-security students.
Supervisor
Aura, Tuomas
Thesis advisor
Paverd, Andrew
Keywords
honeypot, monitoring, logging, analytics, clustering, patterns