Implementing Honeypots for Detecting Cyber Threats with AWS using the ELK

Authors

  • Viktor Kosheliuk
  • Yurii Tulashvili

DOI:

https://doi.org/10.47839/ijc.23.4.3761

Keywords:

T-Pot, cloud computing, cybersecurity, ELK stack, honeypot

Abstract

The growing reliance on cloud computing to build information systems that must be available 24/7 widens the attack surface open to malicious actors, and large numbers of cyberattacks are observed every day across all areas of life. One approach to countering attackers is to protect a server with a honeypot: multi-level honeypots detect and deter intruders by presenting a fake server that draws their attacks away from production systems. In this work we propose using honeypots as an intelligence component of the IT infrastructure, to identify vulnerabilities and study the patterns of potential attacks. To that end, we deployed honeypots in five different regions of the AWS cloud provider and analyzed the collected data with the ELK Stack (Elasticsearch, Logstash, Kibana). The integration of honeypots with the ELK Stack proves an effective way to detect potential attacks, providing detailed visualization of attacker behaviour.
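The abstract describes collecting honeypot events from honeypots in several AWS regions and analysing them in the ELK Stack. The following Python script is an added example, not the authors' code or any ELK/T-Pot component: it aggregates honeypot events into the kind of per-region, per-source and per-credential summaries a Kibana dashboard would show, and flags source addresses and credential pairs seen in more than one region, which is the cross-region view a multi-region deployment makes possible. It assumes a simplified event schema modelled on Cowrie's JSON log (`eventid`, `src_ip`, `username`, `password`, `input`, `timestamp`) plus a `region` field assumed to be stamped on each event by the collector; the sample events are constructed, use documentation IP ranges, and include one malformed line to show how a broken record is skipped rather than aborting the run.

```python
import json
from collections import Counter, defaultdict
from datetime import datetime, timezone

# Constructed sample of honeypot events, one JSON object per line, in a simplified
# schema modelled on Cowrie's JSON log. The "region" field is assumed to be added by
# the collector before indexing. IP addresses are from documentation ranges, not real
# attackers. One line is deliberately malformed to exercise the skip path.
SAMPLE_LOG = r"""
{"eventid":"cowrie.session.connect","src_ip":"203.0.113.10","region":"us-east-1","timestamp":"2024-03-01T12:00:00.000000Z"}
{"eventid":"cowrie.login.failed","src_ip":"203.0.113.10","username":"root","password":"123456","region":"us-east-1","timestamp":"2024-03-01T12:00:01.000000Z"}
{"eventid":"cowrie.login.success","src_ip":"203.0.113.10","username":"root","password":"admin","region":"us-east-1","timestamp":"2024-03-01T12:00:03.000000Z"}
{"eventid":"cowrie.command.input","src_ip":"203.0.113.10","input":"uname -a","region":"us-east-1","timestamp":"2024-03-01T12:00:05.000000Z"}
{"eventid":"cowrie.login.failed","src_ip":"198.51.100.7","username":"root","password":"123456","region":"eu-west-1","timestamp":"2024-03-01T12:10:00.000000Z"}
{"eventid":"cowrie.login.failed","src_ip":"198.51.100.7","username":"admin","password":"admin","region":"eu-west-1","timestamp":"2024-03-01T12:10:02.000000Z"}
{"eventid":"cowrie.login.failed","src_ip":"203.0.113.10","username":"root","password":"123456","region":"ap-southeast-1","timestamp":"2024-03-01T13:30:00.000000Z"}
this line is not JSON and must be skipped
{"eventid":"cowrie.session.connect","src_ip":"192.0.2.44","region":"sa-east-1","timestamp":"2024-03-01T14:00:00.000000Z"}
"""


def parse_events(text):
    """Parse JSON lines into event dicts with a parsed UTC timestamp.

    Returns (events, skipped): malformed lines, non-object records and records
    without a usable timestamp are counted in `skipped` and otherwise ignored,
    mirroring how a Logstash pipeline would tag and drop bad records.
    """
    events, skipped = [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
            # Cowrie writes ISO-8601 with a trailing Z; fromisoformat needs +00:00.
            ev["ts"] = datetime.fromisoformat(ev["timestamp"].replace("Z", "+00:00"))
        except (ValueError, KeyError, TypeError):
            skipped += 1
            continue
        events.append(ev)
    return events, skipped


def summarize(events, top_n=5):
    """Build dashboard-style aggregates from parsed honeypot events."""
    per_region = Counter(e.get("region", "unknown") for e in events)
    event_types = Counter(e.get("eventid", "unknown") for e in events)
    src_ips = Counter(e.get("src_ip", "unknown") for e in events)
    login_events = [e for e in events if str(e.get("eventid", "")).startswith("cowrie.login.")]
    creds = Counter((e.get("username"), e.get("password")) for e in login_events)
    commands = Counter(e["input"] for e in events
                       if e.get("eventid") == "cowrie.command.input" and "input" in e)
    # Hourly buckets in UTC for a timeline view.
    hourly = Counter(e["ts"].astimezone(timezone.utc).strftime("%Y-%m-%dT%H:00Z")
                     for e in events)
    # Which regions each source IP and each credential pair appeared in.
    ip_regions, cred_regions = defaultdict(set), defaultdict(set)
    for e in events:
        ip_regions[e.get("src_ip", "unknown")].add(e.get("region", "unknown"))
    for e in login_events:
        cred_regions[(e.get("username"), e.get("password"))].add(e.get("region", "unknown"))
    return {
        "events_per_region": dict(per_region),
        "event_types": dict(event_types),
        "top_src_ips": src_ips.most_common(top_n),
        "top_credentials": creds.most_common(top_n),
        "commands": dict(commands),
        "events_per_hour": dict(hourly),
        # Sources and credentials active in more than one region: the same campaign
        # hitting several honeypots, which a single-region deployment cannot see.
        "cross_region_ips": {ip: sorted(r) for ip, r in ip_regions.items() if len(r) > 1},
        "cross_region_credentials": {c: sorted(r) for c, r in cred_regions.items() if len(r) > 1},
    }


if __name__ == "__main__":
    parsed, bad = parse_events(SAMPLE_LOG)
    print(f"parsed {len(parsed)} events, skipped {bad} malformed line(s)")
    for key, value in summarize(parsed).items():
        print(f"{key}: {value}")
```

On the constructed sample the script reports four events from us-east-1, the credential pair `root`/`123456` tried from three regions, and the address `203.0.113.10` active in two of them; in a real deployment the same aggregates would be produced by Elasticsearch terms aggregations and rendered in Kibana, with the `region` field supplied by the collector on each honeypot host.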

Published

2025-01-12

How to Cite

Kosheliuk, V., & Tulashvili, Y. (2025). Implementing Honeypots for Detecting Cyber Threats with AWS using the ELK. International Journal of Computing, 23(4), 618-624. https://doi.org/10.47839/ijc.23.4.3761

Section

Articles