Analysis of Honeypots in Detecting Tactics Techniques and Proce

The document summarizes research analyzing how threat actors may change their tactics, techniques and procedures (TTPs) based on the geographic location of their target's IP address. The research will construct a honeypot network across multiple continents to collect attack data concurrently from different locations. This will allow analysis of logs from vulnerable services commonly targeted to gain insight into threat actors' TTPs based on attributes like source IP, service type, and delivered executables. The goal is to provide firms insight into threat activities to help detect and defend against attacks earlier.
Kennesaw State University

DigitalCommons@Kennesaw State University

Symposium of Student Scholars

Analysis of Honeypots in detecting Tactics, Techniques, and Procedure (TTP) changes in Threat Actors based on Source IP Address
Carson Reynolds

Andy Green

Follow this and additional works at: https://digitalcommons.kennesaw.edu/undergradsymposiumksu

Part of the Information Security Commons, OS and Networks Commons, and the Theory and
Algorithms Commons

Reynolds, Carson and Green, Andy, "Analysis of Honeypots in detecting Tactics, Techniques, and
Procedure (TTP) changes in Threat Actors based on Source IP Address" (2023). Symposium of Student
Scholars. 341.
https://digitalcommons.kennesaw.edu/undergradsymposiumksu/spring2023/presentations/341

This Poster is brought to you for free and open access by the Office of Undergraduate Research at
DigitalCommons@Kennesaw State University. It has been accepted for inclusion in Symposium of Student
Scholars by an authorized administrator of DigitalCommons@Kennesaw State University. For more information,
please contact [email protected].
Research Abstract
The financial and national security impacts of cybercrime globally are well documented.
According to the 2020 FBI Internet Crime Report, financially motivated threat actors committed
86% of reported breaches, resulting in a total loss of approximately $4.1 billion in the United
States alone. In order to combat this, our research seeks to determine if threat actors change their
tactics, techniques, and procedures (TTPs) based on the geolocation of their target’s IP address.
To answer this research question, we will construct a honeypot network distributed across multiple
continents to collect attack data from geographically separate locations concurrently. We
will configure the honeypots to offer vulnerable services and collect log data from the services
for analysis. This approach will allow us to aggregate log data about attacks against specific
services commonly targeted by threat actors. After we complete data collection, we will analyze
the data to gain insight into the TTPs used by the threat actors. The analysis will use collected
attack data attributes such as IP origin, service type, and executables delivered along with other
transport layer analysis techniques to provide metadata on threat actor TTPs. Once the analysis is
complete, we will have greater insight into threat actor activities and will produce a list of items that
firms can use to monitor, protect, and maintain their environments, detect attacks earlier, and
take appropriate defensive action to lessen or eliminate the risk associated with these attacks.
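
The comparison the abstract describes can be illustrated with an added example (not code from the poster or its authors): it groups honeypot events by source IP and sensor region, then flags sources whose observed behaviour differs between regions. The JSON field names, the region codes, the Jaccard-similarity measure and the sample events (documentation-range IPs, placeholder payload labels) are all assumptions constructed for this example.

```python
import json
from collections import defaultdict
from itertools import combinations

# Constructed sample events (not real data); field names are assumptions.
SAMPLE_LOG = """\
{"sensor_region": "NA", "src_ip": "192.0.2.10", "service": "ssh", "payload": "sample-a"}
{"sensor_region": "EU", "src_ip": "192.0.2.10", "service": "ssh", "payload": "sample-a"}
{"sensor_region": "NA", "src_ip": "198.51.100.7", "service": "ssh", "payload": "sample-b"}
{"sensor_region": "AS", "src_ip": "198.51.100.7", "service": "telnet", "payload": "sample-c"}
{"sensor_region": "AS", "src_ip": "198.51.100.7", "service": "ssh", "payload": "sample-b"}
{"sensor_region": "EU", "src_ip": "203.0.113.5", "service": "smb", "payload": null}
not-json garbage line
"""

def parse_events(text):
    """Yield well-formed events; skip malformed lines instead of failing."""
    required = {"sensor_region", "src_ip", "service"}
    for line in text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(event, dict) and required <= event.keys():
            yield event

def profiles(events):
    """Map src_ip -> sensor_region -> set of (service, payload) behaviours."""
    out = defaultdict(lambda: defaultdict(set))
    for e in events:
        out[e["src_ip"]][e["sensor_region"]].add((e["service"], e.get("payload")))
    return out

def jaccard(a, b):
    """Similarity of two non-empty behaviour sets (1.0 means identical)."""
    return len(a & b) / len(a | b)

def divergent_sources(events, threshold=1.0):
    """Sources seen in two or more regions whose behaviour differs between them."""
    findings = []
    for src, by_region in sorted(profiles(events).items()):
        for r1, r2 in combinations(sorted(by_region), 2):
            score = jaccard(by_region[r1], by_region[r2])
            if score < threshold:
                findings.append((src, r1, r2, round(score, 2)))
    return findings
```

A source seen by only one sensor region yields no comparison, so it is never flagged; lowering `threshold` restricts findings to larger behavioural differences.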