Show simple item record

Field | Value | Language
dc.contributor.author | Al-Mohannadi, Hamad | *
dc.contributor.author | Awan, Irfan U. | *
dc.contributor.author | Al Hamar, J. | *
dc.contributor.author | Cullen, Andrea J. | *
dc.contributor.author | Disso, Jules P. | *
dc.contributor.author | Armitage, Lorna | *
dc.date.accessioned | 2018-07-03T16:01:23Z |
dc.date.available | 2018-07-03T16:01:23Z |
dc.date.issued | 2018-05-18 |
dc.identifier.citation | AL-Mohannad H, Awan I, Al Hamar J, Cullen A, Disso JP and Armitage L (2018) Cyber Threat Intelligence from Honeypot Data using Elasticsearch. 32nd IEEE International Conference on Advanced Information Networking and Applications (IEEE AINA-2018) Pedagogical University of Cracow, Poland, May 16-18, 2018. | en_US
dc.identifier.uri | http://hdl.handle.net/10454/16385 |
dc.description | yes | en_US
dc.description.abstract | Cyber attacks are increasing in every aspect of daily life. There are a number of different technologies around to tackle cyber-attacks, such as Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), firewalls, switches, routers etc., which are active round the clock. These systems generate alerts and prevent cyber attacks. This is not a straightforward solution however, as IDSs generate a huge volume of alerts that may or may not be accurate: potentially resulting in a large number of false positives. In most cases therefore, these alerts are too many in number to handle. In addition, it is impossible to prevent cyber-attacks simply by using tools. Instead, it requires greater intelligence in order to fully understand an adversary’s motive by analysing various types of Indicator of Compromise (IoC). Also, it is important for the IT employees to have enough knowledge to identify true positive attacks and act according to the incident response process. In this paper, we have proposed a new threat intelligence technique which is evaluated by analysing honeypot log data to identify behaviour of attackers to find attack patterns. To achieve this goal, we have deployed a honeypot on an AWS cloud to collect cyber incident log data. The log data is analysed by using elasticsearch technology namely an ELK (Elasticsearch, Logstash and Kibana) stack. | en_US
dc.language.iso | en | en_US
dc.relation.isreferencedby | http://voyager.ce.fit.ac.jp/conf/aina/2018/ | en_US
dc.rights | © 2018 IEEE. Reproduced in accordance with the publisher's self-archiving policy. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. | en_US
dc.subject | Cyber attacks | en_US
dc.subject | Cyber threats | en_US
dc.subject | Honeypot data | en_US
dc.subject | Elasticsearch | en_US
dc.subject | Cyber threat intelligence technique | en_US
dc.title | Cyber Threat Intelligence from Honeypot Data using Elasticsearch | en_US
dc.status.refereed | n/a | en_US
dc.type | Conference paper | en_US
dc.type.version | Accepted Manuscript | en_US
refterms.dateFOA | 2018-07-29T02:37:40Z |


Item file(s)

Name: Cyber Threat Intelligence from ...
Size: 534.9Kb
Format: PDF
Description: Main article
