yes / Cyber attacks are increasing in every aspect of daily
life. There are a number of different technologies around to
tackle cyber-attacks, such as Intrusion Detection Systems (IDS),
Intrusion Prevention Systems (IPS), firewalls, switches, routers
etc., which are active round the clock. These systems generate
alerts and prevent cyber attacks. This is not a straightforward
solution however, as IDSs generate a huge volume of alerts that
may or may not be accurate: potentially resulting in a large
number of false positives. In most cases therefore, these alerts
are too many in number to handle. In addition, it is impossible to
prevent cyber-attacks simply by using tools. Instead, it requires
greater intelligence in order to fully understand an adversary’s
motive by analysing various types of Indicator of Compromise
(IoC). Also, it is important for the IT employees to have enough
knowledge to identify true positive attacks and act according to
the incident response process.
In this paper, we have proposed a new threat intelligence
technique which is evaluated by analysing honeypot log data to
identify behaviour of attackers to find attack patterns. To achieve
this goal, we have deployed a honeypot on an AWS cloud to
collect cyber incident log data. The log data is analysed by using
elasticsearch technology namely an ELK (Elasticsearch, Logstash
and Kibana) stack.
Identifer | oai:union.ndltd.org:BRADFORD/oai:bradscholars.brad.ac.uk:10454/16385 |
Date | 18 May 2018 |
Creators | Al-Mohannadi, Hamad, Awan, Irfan U., Al Hamar, J., Cullen, Andrea J., Disso, Jules P., Armitage, Lorna |
Source Sets | Bradford Scholars |
Language | English |
Detected Language | English |
Type | Conference paper, Accepted Manuscript |
Rights | © 2018IEEE. Reproduced in accordance with the publisher's self-archiving policy. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. |
Relation | http://voyager.ce.fit.ac.jp/conf/aina/2018/ |
Page generated in 0.0022 seconds