Review and Analysis of Cowrie Artefacts and Their Potential to be Used Deceptively

Cabral, Warren Z.; Valli, Craig; Sikos, Leslie F.; Wakeling, Samuel G.

doi:10.1109/csci49370.2019.00035

Cited by 26 publications

(15 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Furthermore, the GPT-2 small size model is easy to fine-tune and the weight of the model can adapt better to honeypot logs data [16]. Our data contains 36,445 unique commands and was split into training (32,801), validation (3,645) and test (999) sets. We used two epochs and a batch size of two, depending on the maximum sequence length and GPU memory.…”

Section: A Training Datamentioning

confidence: 99%

“…Cowrie is a virtual Secure Shell (SSH) and Telnet honeypot, utilized to continuously monitor brute force attacks, by producing log files capturing the actions of malicious users. However, they can be easily identified by adversaries, since they are rarely customized to systems, due to the lack of standard frameworks [3]. To better understand and leverage the deceptive capabilities of Cowrie, it is important to automate the parsing methodologies of the log files produced.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

GPT-2C: A GPT-2 parser for Cowrie honeypot logs

Setianto,

Tsani,

Sadiq

et al. 2021

Preprint

View full text Add to dashboard Cite

Deception technologies like honeypots produce comprehensive log reports, but often lack interoperability with EDR and SIEM technologies. A key bottleneck is that existing information transformation plugins perform well on static logs (e.g. geolocation), but face limitations when it comes to parsing dynamic log topics (e.g. user-generated content). In this paper, we present a run-time system (GPT-2C) that leverages large pre-trained models (GPT-2) to parse dynamic logs generate by a Cowrie SSH honeypot. Our fine-tuned model achieves 89% inference accuracy in the new domain and demonstrates acceptable execution latency.

show abstract

Section: A Training Datamentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

GPT-2C: A GPT-2 parser for Cowrie honeypot logs

Setianto,

Tsani,

Sadiq

et al. 2021

Preprint

View full text Add to dashboard Cite

show abstract

“…Beberapa studi telah mengkaji terkait keamanan jaringan menggunakan IPS cowrie honepot dan snort inline-mode. [8] memodifikasi konfigurasi default variabel cowrie untuk meningkatkan kemampuan cowrie, hasil studi memberikan informasi terkait peningkatan kemampuan cowrie. Sementara itu [9] melakukan eksperimen menggunakan program cowrie untuk melindungi port SSH yang terbuka di server infrastruktur jaringan perbankan, hasil percobaan cowrie mampu mengidentifikasi tindakan penyerangan.…”

Section: Pendahuluanunclassified

Keamanan Jaringan dengan Cowrie Honeypot dan Snort Inline-Mode sebagai Intrusion Prevention System

Ernawati¹,

Rachmat²

2021

RESTI

View full text Add to dashboard Cite

Computer network systems have been designing to share resources. Sharing resources process, data security, and confidentiality are main issues in anticipating misuse of the access to information by unauthorized parties. The solution to anticipating these problems is the availability of a security system capable of handling various intruders who threaten the system and protect network resources. This study builds and analyzes the performance of computer network security using cowrie honeypot and snort inline-mode as an Intrusion Prevention System (IPS). The development process goes through the stages of analysis, design, implementation, and monitoring. The content analysis method has been using to explore the problems and requirements of the system built. The security system was build by configuring the IP address and network system devices (server, remote admin, client attacker). The test has been carrying out on 3 test parameters (confidentiality, availability, and integrity), comparison testing method has been using to test the integrity parameters. The test results indicate that the system functionality test for user needs have fulfilled, the results of the confidentiality test (83.3%), availability (93.3%), and the integrity of the inline-mode snort show faster response time (0.069 seconds on average) and more CPU resource usage efficient (0.04% average) than the cowrie honeypot. IPS snort inline-mode overall integrity parameter testing is more recommended for used network security systems than cowrie honeypots.

show abstract

“…Lowinteraction honeypots normally imitate real systems and have restricted communication with cyberattackers; whereas, high-interaction honeypots are normally real systems that have unrestricted communication with cyberattackers [38]. Medium-interaction honeypots have greater ability to communicate with cyberattackers than low-interaction honeypots, however, they have less functionality than highinteraction honeypots [7]. Honeypots can be a crucial active defence tool for organisations or researchers in an attempt to discover advanced attacks and related techniques which are not possible through other security tools; however, for effective operation, additional cost and skills are required in their design and management.…”

Section: Honeypotsmentioning

confidence: 99%

A computational intelligence enabled honeypot for chasing ghosts in the wires

Naik

Jenkins

Savage

et al. 2020

Complex Intell. Syst.

View full text Add to dashboard Cite

A honeypot is a concealed security system that functions as a decoy to entice cyberattackers to reveal their information. Therefore, it is essential to disguise its identity to ensure its successful operation. Nonetheless, cyberattackers frequently attempt to uncover these honeypots; one of the most effective techniques for revealing their identity is a fingerprinting attack. Once identified, a honeypot can be exploited as a zombie by an attacker to attack others. Several effective techniques are available to prevent a fingerprinting attack, however, that would be contrary to the purpose of a honeypot, which is designed to interact with attackers to attempt to discover information relating to them. A technique to discover any attempted fingerprinting attack is highly desirable, for honeypots, while interacting with cyberattackers. Unfortunately, no specific method is available to detect and predict an attempted fingerprinting attack in real-time due to the difficulty of isolating it from other attacks. This paper presents a computational intelligence enabled honeypot that is capable of discovering and predicting an attempted fingerprinting attack by using a Principal components analysis and Fuzzy inference system. This proposed system is successfully tested against the five popular fingerprinting tools Nmap, Xprobe2, NetScanTools Pro, SinFP3 and Nessus.

show abstract

Review and Analysis of Cowrie Artefacts and Their Potential to be Used Deceptively

Cited by 26 publications

References 14 publications

GPT-2C: A GPT-2 parser for Cowrie honeypot logs

GPT-2C: A GPT-2 parser for Cowrie honeypot logs

Keamanan Jaringan dengan Cowrie Honeypot dan Snort Inline-Mode sebagai Intrusion Prevention System

A computational intelligence enabled honeypot for chasing ghosts in the wires

Contact Info

Product

Resources

About