State-of-the-art evaluation of low and medium interaction honeypot for malware collection

Behnam, A. (2016). State-of-the-art evaluation of low and medium interaction honeypot for malware collection (MSc ASDF Dissertation). Edinburgh Napier University (Celice, C., Macfarlane, R.).



Honeypots are decoy systems that present them self as vulnerable devices to attract attackers, where the activities of the attackers is logged, collected and analysed. Since the breakthrough of honeypots in 2001, major changes have been made since to the way of honeypots operate. The changes made are heavily inspired by the existence of new methods of attack and malware used by attackers. The recent focuses of honeypots have been to collect malware, due to the rapid increase of malware production in the world.
The current research on honeypots mostly explores the general concept of honeypots and at times the comparison between honeypots at the same interaction level. Unfortunately the current research is at times out of date as it explores older honeypots, which are sometimes even discontinued. This creates a gap in the current literature review on the evaluation of the new malware honeypots.
This thesis aims to evaluate the latest low and medium interaction malware collection honeypots, namely Amun honeypot from the low interaction category and Cowrie from the medium interaction honeypot. To do so, two series of experiments have been designed and implemented, intending to document the performance of the honeypots when collecting malware and various types of attacks. The outcome of the experiments is then compared with previous related experiments and against other popular matching interaction levels honeypots.
This thesis demonstrates a range of successful collection of malware from Amun and Cowrie. The results of the experiments have shown a tremendous high amount of malware collection, attacks, which used to evaluate the performance of two honeypots. The malware captured has also been statically analysed to provide a more in-depth understanding of the collected type of malware
[Read More]


Areas of Expertise

Electronic information now plays a vital role in almost every aspect of our daily lives. So the need for a secure and trustworthy online infrastructure is more important than ever. without it, not only the growth of the internet but our personal interactions and the economy itself could be at risk.

Associated Projects

    Keywords: cyber security