YAAS – On the Attribution of Honeypot Data

International Journal On Cyber Situational Awareness (IJCSA)

ISSN: (Print) 2057-2182 ISSN: (Online) 2057-2182

DOI: 10.22619/IJCSA

Published Semi-annually. Est. 2014


Dr Cyril Onwubiko, Chair – Cyber Security & Intelligence, E-Security Group, Research Series, London, UK; IEEE UK & Ireland Section Secretary

Associate Editors:

Professor Frank Wang, Head of School / Professor of Future Computing, Chair IEEE Computer Society, UK&RI, School of Computing, University of Kent, Canterbury, UK

Dr Thomas Owens, Senior Lecturer & Director of Quality, Department of Electronic and Computer Engineering, Brunel University, London, UK

YAAS – On the Attribution of Honeypot Data

Daniel Fraunholz, Daniel Krohmer, Simon Duque Antón, and Hans Dieter Schotten


One of the major issues in digital forensics and attack analysis is the attribution of an attack to a type of malicious adversary. This is especially important to determine the relevance of an incident with respect to the threat it poses to a system. In this work, a holistic scheme to derive characteristics from honeypot data and to map this data to an attacker model is introduced. This scheme takes data that is provided by deception systems of any kind. After that, characteristics are derived that describe different attributes of an attacker. Those are used to categorise threats into one of nine attacker classes. This scheme has been evaluated with real world honeypot data. As expected, most attacks are rather harmless, but a few outliers have been identified.

Keyword: Information Security, Network Security, Deception System, Honeypot, IT-Forensic, Visualisation.

ISSN: 2057-2182

Volume 2. No. 1

DOI: 10.22619/IJCSA.2017.100113

Date: Nov. 2017

Reference to this paper should be made as follows: Fraunholz D., Krohmer D., Duque Antón S., Schotten H. D. (2017). YAAS – On the Attribution of Honeypot Data. International Journal on Cyber Situational Awareness, Vol. 2, No. 1, pp31-48.

PDF Download