An experimental study on cloud honeypot and data visualization using ELK stack

Document Type : Research Paper

Authors

1 Faculty of Computer and Mathematical Sciences, Universiti Teknologi MARA Shah Alam, 40450 Shah Alam, Selangor Darul Ehsan, Malaysia

2 Faculty of Computer and Mathematical Sciences, Universiti Teknologi MARA Melaka Kampus Jasin, 77300 Merlimau Melaka, Malaysia

Abstract

Nowadays, companies have been moving their IT infrastructure from their own data centers to specialized public cloud providers. While there are cost benefits, security is one of the major concerns in cloud computing because the number of companies that use cloud storage to save their personal data keeps increasing. Many honeypots have been used in the past, but they were difficult to use due to a lack of data visualization and attack analysis. To learn more about attackers, their motivations and techniques, honeypots are used to investigate how attackers attempt to hack an information system and to provide useful insight into potential security flaws. A honeypot allows attacks to be monitored by pretending to be an actual machine with valuable and sensitive data, so that attackers interact with it. For this research, a honeypot was set up on the DigitalOcean cloud. Because the honeypot was deployed on the cloud and exposed to the Internet, the experiment and its results are based on real attacks. The results show that the Cowrie honeypot is able to collect data that is valuable to security researchers or network administrators for future analysis. It is believed that implementing the Cowrie honeypot with the ELK stack on a cloud platform will assist in the detection and prevention of SSH attacks.

Keywords

Volume 12, Special Issue
December 2021
Pages 1117-1132
  • Receive Date: 12 June 2021
  • Accept Date: 19 September 2021