Title

Advanced cowrie configuration to increase honeypot deceptiveness

Author Identifier

Craig Valli

ORCID : 0000-0002-2298-9791

Leslie Sikos

ORCID : 0000-0003-3368-2215

Document Type

Conference Proceeding

Publication Title

ICT Systems Security and Privacy Protection: 36th IFIP TC 11 International Conference, SEC 2021, Oslo, Norway, June 22–24, 2021, Proceedings

Publisher

Springer

School

School of Science / ECU Security Research Institute

RAS ID

36020

Funders

Cyber Security Research Centre Australian Government's Cooperative Research Centres program

Comments

Cabral, W. Z., Valli, C., Sikos, L. F., & Wakeling, S. G. (2021). Advanced cowrie configuration to increase honeypot deceptiveness. In ICT Systems Security and Privacy Protection: 36th IFIP TC 11 International Conference, SEC 2021, Oslo, Norway, June 22–24, 2021, Proceedings (pp. 317-331). Springer, Cham. https://doi.org/10.1007/978-3-030-78120-0_21

Abstract

Cowrie is a medium-interaction SSH and Telnet honeypot used to record brute force attacks and SSH requests. Cowrie utilizes a Python codebase, which is maintained and publicly available on GitHub. Since its source code is publicly released, not only security specialists but also cybercriminals can analyze it. Nonetheless, cybersecurity specialists deploy most honeypots with default configurations. This outcome is because modern computer systems and infrastructures do not provide a standard framework for optimal deployment of these honeypots based on the various configuration options available to produce a non-default configuration. This option would allow them to act as effective deceptive systems. Honeypot deployments with default configuration settings are easier to detect because cybercriminals have known scripts and tools such as Nmap and Shodan for identifying them. This research aims to develop a framework that enables the customized configuration of the Cowrie honeypot, thereby enhancing its functionality to achieve a high degree of deceptiveness and realism when presented to the Internet. A comparison between the default and configured deployments is further conducted to prove the modified deployments’ effectiveness.

DOI

10.1007/978-3-030-78120-0_21

Access Rights

subscription content

Research Themes

Securing Digital Futures

Priority Areas

Secure systems
