Advanced cowrie configuration to increase honeypot deceptiveness
Abstract
Cowrie is a medium-interaction SSH and Telnet honeypot used to record brute force attacks and SSH requests. Cowrie utilizes a Python codebase, which is maintained and publicly available on GitHub. Since its source code is publicly released, not only security specialists but also cybercriminals can analyze it. Nonetheless, cybersecurity specialists deploy most honeypots with default configurations. This is because modern computer systems and infrastructures do not provide a standard framework for optimally deploying these honeypots, based on the various configuration options available, to produce a non-default configuration. Such a configuration would allow them to act as effective deceptive systems. Honeypot deployments with default configuration settings are easier to detect because cybercriminals have known scripts and tools such as NMAP and Shodan for identifying them. This research aims to develop a framework that enables the customized configuration of the Cowrie honeypot, thereby enhancing its functionality to achieve a high degree of deceptiveness and realism when presented to the Internet. A comparison between the default and configured deployments is further conducted to prove the modified deployments’ effectiveness.
RAS ID
36020
Document Type
Conference Proceeding
Date of Publication
2021
Funding Information
Cyber Security Research Centre
Australian Government's Cooperative Research Centres program
School
School of Science / ECU Security Research Institute
Copyright
subscription content
Publisher
Springer
Comments
Cabral, W. Z., Valli, C., Sikos, L. F., & Wakeling, S. G. (2021). Advanced cowrie configuration to increase honeypot deceptiveness. In ICT Systems Security and Privacy Protection: 36th IFIP TC 11 International Conference, SEC 2021, Oslo, Norway, June 22–24, 2021, Proceedings (pp. 317-331). Springer, Cham. https://doi.org/10.1007/978-3-030-78120-0_21