Abstract
The evolving of advance cyber threats requires the cyber security specialist and system analyst to detect, analyse and timely react against such kind of cyber attacks. In real practical scenario, the timely dissemination of attack information is a challenge and that is not possible without cyber threat intelligence with inclusion of deep analysis of attack features and attack contextual information. In this paper, automated proactive approach for cyber threat intelligence generation is presented integrated with standard data sharing formats that can act as attack indicator for the security defence mechanism put in place in an organization such as SIEM. The strength of Honeypot-based approaches for cyber threat intelligence is proven with well-defined use cases. The capabilities of Honeypots to detect zero-day attacks can be benefited if and only if the attack events are timely digested by the security solutions and that is only possible by sharing the attack events in standard data sharing languages. The developed system is fully automated that include captured attack data is processed by various automated analysis engines, augmenting the contextual information and applying deep learning models for later threat prediction. Finally, we propose a system design incorporating deep learning neural network-based cyber threat intelligence generation for cyber threat prediction. To achieve all these, cluster of VM Honeypots are deployed in a public IP4 network.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Ernst and Young Global Limited (2014) Cyber threat intelligence—how to get ahead of cybercrime. Insights on Governance, Risk and Compliance
Watkins K-F (2017) M-Trends 2017: a view from the front lines, vol 4. Premier Outlook
Kaur Sahi Asst S. A Study of WannaCry Ransomware Attack. Int J Eng Res Comput Sci Eng. 2017;4(9):79
https://www.gartner.com/doc/2487216/definition-threat-intelligence
Boeke S, van de BDP J (2017) Cyber threat intelligence—from confusion to clarity; an investigation into cyber threat intelligence
Qiang L, Zeming Y, Baoxu L, Zhengwei YJJ (2017) Framework of cyber attack attribution based on threat intelligence. ICST Inst Comput Sci Soc Inform Telecommun Eng 190:92103
Alsmadi I (2019) Cyber threat analysis. In: The NICE cyber security framework. Springer, Cham
Spitzner L (2003) The Honeynet project: trapping the hackers. IEEE Secur Priv Mag 1(2):15–23
Kumar Sanjeev et al (2012) Distributed Honeynet system using Gen III virtual Honeynet. Int J Comput Theory Eng 4(4):537–541
Ailianos T (2014) SIEM optimization using Honeypots. Master Thesis
https://oasis-open.github.io/cti-documentation/stix/gettingstarted.html
Acknowledgements
We would like to thank to Centre for Development of Advanced Computing (C-DAC), Mohali for considering National Institute of Technology (NIT), Tiruchirappalli as a model deployment location under threat intelligence generation project.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Sanjeev, K., Janet, B., Eswari, R. (2020). Automated Cyber Threat Intelligence Generation from Honeypot Data. In: Ranganathan, G., Chen, J., Rocha, Á. (eds) Inventive Communication and Computational Technologies. Lecture Notes in Networks and Systems, vol 89. Springer, Singapore. https://doi.org/10.1007/978-981-15-0146-3_56
Download citation
DOI: https://doi.org/10.1007/978-981-15-0146-3_56
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-15-0145-6
Online ISBN: 978-981-15-0146-3
eBook Packages: EngineeringEngineering (R0)