Improving Effectiveness of Honeypots: Predicting Targeted Destination Port Numbers During Attacks Using J48 Algorithm

  • Tanveer GangabissoonEmail author
  • Amaan Nathoo
  • Rakshay Ramhith
  • Bhooneshwar Gopee
  • Girish Bekaroo
Conference paper
Part of the Lecture Notes in Electrical Engineering book series (LNEE, volume 561)


During recent years, there has been an increase in cyber-crime and cybercriminal activities around the world and as countermeasures, effective attack prevention and detection mechanisms are needed. A popular tool to augment existing attack detection mechanisms is the Honeypot. It serves as a decoy for luring attackers, with the purpose to accumulate essential details about the intruder and techniques used to compromise systems. In this endeavor, such tools need to effectively listen and keep track of ports on hosts such as servers and computers within networks. This paper investigates, analyzes and predicts destination port numbers targeted by attackers in order to improve the effectiveness of honeypots. To achieve the purpose of this paper, the J48 decision tree classifier was applied on a database containing information on cyber-attacks. Results revealed insightful information on key destination port numbers targeted by attackers, in addition to how these targeted ports vary within different regions around the world.


Destination port Honeypot Prediction J48 algorithm Decision tree 


  1. 1.
    Jhaveri, M., Cetin, O., Gañán, C., Moore, T., Eeten, M.: Abuse reporting and the fight against cybercrime. ACM Comput. Surv. (CSUR) 49(4), 68 (2017)CrossRefGoogle Scholar
  2. 2.
    The Windows Club, “What are Honeypots and how can they secure computer systems” (2018). Accessed 11 Apr 2014
  3. 3.
    Harrison, J.: Honeypots: The sweet spot in network security (2018).–the-sweet-spot-in-network-security.html. Accessed 28 Apr 2018
  4. 4.
    Yang, Y., Yang, H., Mi, J.: Design of distributed honeypot system based on intrusion tracking. In: 2011 IEEE 3rd International Conference on Communication Software and Networks (ICCSN) (2011)Google Scholar
  5. 5.
    Zakari, A., Lawan, A., Bekaroo, G.: Towards improving the security of low-interaction honeypots: insights from a comparative analysis. In: International Conference on Emerging Trends in Electrical, Electronic and Communications Engineering (2016)Google Scholar
  6. 6.
    Duong, B.: Comparisons of attacks on honeypots with those on real networks, Naval Postgraduate School, Monterey, California (2006)Google Scholar
  7. 7.
    Kreibich, C., Crowcroft, J.: Honeycomb: creating intrusion detection signatures using honeypots. ACM SIGCOMM Comput. Commun. Rev. 34(1), 51–56 (2004)CrossRefGoogle Scholar
  8. 8.
    Lee, K., Caverlee, J., Webb, S.: Uncovering social spammers: social honeypots + machine learning. In: Proceedings of the 33rd International ACM SIGIR Conference on Research and Development in Information Retrieval (2010)Google Scholar
  9. 9.
    Hayatle, O., Otrok, H., Youssef, A.: A markov decision process model for high interaction honeypots. Inf. Secur. J.: Glob. Perspect. 22(4), 159–170 (2013)Google Scholar
  10. 10.
    Alosefer, Y., Rana, O.: Automated state machines applied in client honeypots. In: 2010 5th International Conference on Future Information Technology (FutureTech) (2010)Google Scholar
  11. 11.
    Jantan, H., Hamdan, A., Othman, Z.: Human talent prediction in HRM using C4. 5 classification algorithm. Int. J. Comput. Sci. Eng. 2(8), 2526–2534 (2010)Google Scholar
  12. 12.
    Neeraj, B., Girja, S., Ritu, D., Manisha, M.: Decision tree analysis on j48 algorithm for data mining. Int. J. Adv. Res. Comput. Sci. Softw. Eng. (JARCSSE) 3(6), 1114–1119 (2013)Google Scholar
  13. 13.
    Amin, R., Sibaroni, Y.: Implementation of decision tree using C4. 5 algorithm in decision making of loan application by debtor (Case study: Bank pasar of Yogyakarta Special Region). In: 2015 3rd International Conference on Information and Communication Technology (ICoICT) (2015)Google Scholar
  14. 14.
    Patil, T., Sherekar, S.: Performance analysis of Naive Bayes and J48 classification algorithm for data classification. Int. J. Comput. Sci. Appl. 6(2), 256–261 (2013)Google Scholar
  15. 15.
    Delen, D., Walker, G., Kadam, A.: Predicting breast cancer survivability: a comparison of three data mining methods. Artif. Intell. Med. 34(2), 113–127 (2005)CrossRefGoogle Scholar
  16. 16.
    Bui, D., Ho, T., Revhaug, I., Pradhan, B., Nguyen, D.: Landslide susceptibility mapping along the national road 32 of Vietnam using GIS-based J48 decision tree classifier and its ensembles. In: Cartography from Pole to Pole. Springer, Heidelberg (2014)Google Scholar
  17. 17.
    Sahu, S., Mehtre, B.: Network intrusion detection system using J48 decision tree. In: 2015 International Conference on Advances in Computing, Communications and Informatics (ICACCI) (2015)Google Scholar
  18. 18.
    Wu, X., Kumar, V., Quinlan, J., Ghosh, J., Yang, Q., Motoda, H., McLachlan, G., Ng, A., Liu, B., Philip, S., Zhou, Z.: Top 10 algorithms in data mining. Knowl. Inf. Syst. 14(1), 1–37 (2008)CrossRefGoogle Scholar
  19. 19.
    Jacobs, J., Rudis, B.: Kaggle (2018). Accessed 10 Apr 2018
  20. 20.
    Holmes, G., Donkin, A., Witten, I.: Weka: a machine learning workbench. In: Proceedings of the 1994 Second Australian and New Zealand Conference on Intelligent Information Systems (1994)Google Scholar
  21. 21.
    Salzberg, S.: C4. 5: programs for machine learning by j. ross quinlan. Mach. Learn. 16(3), 235–240 (1994)MathSciNetGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Tanveer Gangabissoon
    • 1
    Email author
  • Amaan Nathoo
    • 1
  • Rakshay Ramhith
    • 1
  • Bhooneshwar Gopee
    • 1
  • Girish Bekaroo
    • 1
  1. 1.School of Science and TechnologyMiddlesex University MauritiusFlic-en-FlacMauritius

Personalised recommendations