Using honeypots to study skill level of attackers based on the exploited vulnerabilities in the network

Abstract

Malware in the form of computer viruses, worms, trojan horses, rootkits, and spyware acts as a major threat to the security of networks and creates significant security risks to the organizations. In order to protect the networked systems against these kinds of threats and try to find methods to stop at least some part of them, we must learn more about their behavior, and also methods and tactics of the attackers, which attack our networks. This thesis makes a practical analysis of observed attacks and exploited vulnerabilities using honeypots in an organization network. Based on this,we study the attackers' behavior and in particular the skill level of the attackers once they gain access to the honeypot systems. The first part of the work describes: i) the honeypot architecture as well as implementation details so that we can observe the attackers behavior and ii) proposed hybrid honeypot solution which will be used in the future work. The second part presents: i) the detailed analysis and classification of the attacks and vulnerabilities, which are used by the attackers and ii) the attackers' skill level based on the exploited vulnerabilities.