An Analysis of Honeypots and their Impact as a Cyber Deception Tactic

TL;DR

This paper investigates how cyber honeypots can be effectively deployed as deception tools to gather detailed attacker intelligence, demonstrating an experiment using open-source tools to analyze attacker behaviors and techniques.

Contribution

It presents a comprehensive implementation and analysis of a honeypot system for cyber deception, utilizing open-source tools to enhance attacker intelligence gathering.

Findings

Honeypots can effectively collect attacker IP and attack methods

Analysis reveals attacker command patterns and malware downloads

Experiment demonstrates practical deployment of open-source honeypots

Abstract

This paper explores deploying a cyber honeypot system to learn how cyber defenders can use a honeypot system as a deception mechanism to gather intelligence. Defenders can gather intelligence about an attacker such as the autonomous system that the IP of the attacker is allocated from, the way the attacker is trying to penetrate the system, what different types of attacks are being used, the commands the attacker is running once they are inside the honeypot, and what malware the attacker is downloading to the deployed system. We demonstrate an experiment to implement a honeypot system that can lure in attackers and gather all the information mentioned above. The data collected is then thoroughly analyzed and explained to understand all this information. This experiment can be recreated and makes use of many open-source tools to successfully create a honeypot system.