An experimental study on cloud honeypot and data visualization using ELK stack

Document Type: Research Paper

Authors

1 Faculty of Computer and Mathematical Sciences, Universiti Teknologi MARA Shah Alam, 40450 Shah Alam, Selangor Darul Ehsan, Malaysia

2 Faculty of Computer and Mathematical Sciences, Universiti Teknologi MARA Melaka Kampus Jasin, 77300 Merlimau Melaka, Malaysia

Abstract

Nowadays, companies have been moving their IT infrastructure from their own data centers to specialized public cloud providers. While there are cost benefits, security is one of the major concerns in cloud computing because the number of companies that use cloud storage to save their personal data keeps increasing. Many honeypots have been used in the past, but they were difficult to use due to a lack of data visualization and attack analysis. To learn more about attackers, their motivations and their techniques, honeypots are used to investigate how attackers attempt to hack an information system, and they provide useful insight into potential security flaws. A honeypot allows attacks to be monitored by pretending to be an actual machine with valuable and sensitive data, so that attackers interact with it. For this research, a honeypot was set up on the DigitalOcean cloud, and the experiment and its results are based on real attacks, since the honeypot was deployed on the cloud and exposed to the Internet. The results show that the Cowrie honeypot is able to collect data that is valuable to a security researcher or network administrator for analysis in future research. It is believed that implementing the Cowrie honeypot with the ELK stack on a cloud platform will assist in the detection and prevention of SSH attacks.

Keywords