Detecting User Behavior in Cyber Threat Intelligence: Development of Honeypsy System

Authors: Odemis, M., Yucel, C. and Koltuksuz, A.

Journal: Security and Communication Networks

Volume: 2022

eISSN: 1939-0122

ISSN: 1939-0114

DOI: 10.1155/2022/7620125

Abstract:

This research demonstrates a design of an experiment of a hacker infiltrating a server where it is assumed that the communication between the hacker and the target server is established, and the hacker also escalated his rights on the server. Therefore, the honeypot server setup has been designed to reveal the correlation of a hacker's actions with that of the hacker's experience, personality, expertise, and psychology. To the best of our knowledge, such a design of experiment has never been tested rigorously on a honeypot implementation except for self-reporting tests applied to hackers in the literature. However, no study evaluates the actual data of these hackers and these tests. This study also provides a honeypot design to understand the personality and expertise of the hacker and displays the correlation of these data with the tests. Our Honeypsy system is composed of a Big-5 personality test, a cyber expertise test, and a capture-the-flag (CTF) event to collect logs with honeypot applied in this sequence. These three steps generate data on the expertise and psychology of known cyber hackers. The logs of the known hacker activities on honeypots are obtained through the CTF event that they have participated in. The design and deployment of a honeypot, as well as the CTF event, were specifically prepared for this research. Our aim is to predict an unknown hacker's expertise and personality by analyzing these data. By examining/analyzing the data of the known hackers, it is now possible to make predictions about the expertise and personality of the unknown hackers. The same logic applies when one tries to predict the next move of the unknown hackers attacking the server. We have aimed to underline the details of the personalities and expertise of hackers and thus help the defense experts of victimized institutions to develop their cyber defense strategies in accordance with the modus operandi of the hackers.

https://eprints.bournemouth.ac.uk/36580/

Source: Scopus

Detecting User Behavior in Cyber Threat Intelligence: Development of Honeypsy System

Authors: Odemis, M., Yucel, C. and Koltuksuz, A.

Journal: Security and Communication Networks

Volume: 2022

eISSN: 1939-0122

ISSN: 1939-0114

DOI: 10.1155/2022/7620125

https://eprints.bournemouth.ac.uk/36580/

Source: Web of Science (Lite)

Detecting User Behavior in Cyber Threat Intelligence: Development of Honeypsy System

Authors: Odemis, M., Yucel, C. and Koltuksuz, A.

Journal: Security and Communication Networks

Publisher: Wiley-Blackwell

ISSN: 1939-0114

DOI: 10.1155/2022/7620125

https://eprints.bournemouth.ac.uk/36580/

Source: Manual

Detecting User Behavior in Cyber Threat Intelligence: Development of Honeypsy System.

Authors: Odemis, M., Yucel, C. and Koltuksuz, A.

Journal: Secur. Commun. Networks

Volume: 2022

Pages: 7620125:1

https://eprints.bournemouth.ac.uk/36580/

Source: DBLP

Detecting User Behavior in Cyber Threat Intelligence: Development of Honeypsy System.

Authors: Odemis, M., Yucel, C. and Koltuksuz, A.

Journal: Security and Communication Networks

Volume: 2022

ISSN: 1939-0114

https://eprints.bournemouth.ac.uk/36580/

Source: BURO EPrints