Causal analysis of attacks against honeypots based on properties of countries

Causal analysis of attacks against honeypots based on properties of countries

For access to this article, please select a purchase option:

Buy article PDF
(plus tax if applicable)
Buy Knowledge Pack
10 articles for $120.00
(plus taxes if applicable)

IET members benefit from discounts to all IET publications and free access to E&T Magazine. If you are an IET member, log in to your account and the discounts will automatically be applied.

Learn more about IET membership 

Recommend Title Publication to library

You must fill out fields marked with: *

Librarian details
Your details
Why are you recommending this title?
Select reason:
IET Information Security — Recommend this title to your library

Thank you

Your recommendation has been sent to your librarian.

This study studies the influence of country attributes on the number of secure shell attacks originating from it detected by the author's honeynet. Four statistical models are described, based on three sources of data from various countries. The studied attributes of the countries can be broadly divided into demographic, technological, and economic, with each source providing a slightly different set of attributes. Statistical methods such as partial least-squares path modelling are used, clustering countries by their assessed similarity. The population size has the greatest effect on the number of attacks, as expected, though it has to be noted that developing countries did not provide relevant data to the sources used and thus were not included. The following influential attributes were technical such as the access to information and communication technologies (ICT), and the use of ICT, with the economic influence being notable only in rather small countries. The Netherlands was an interesting anomaly, being clustered alongside large countries, even though its country attributes were very much like those of its neighbours.


    1. 1)
      • 1. Safa, N.S., Maple, C., Watson, T., et al: ‘Information security collaboration formation in organisations’, IET Inf. Sec., 2018, 12, (3), pp. 238245(7).
    2. 2)
      • 2. Spotzner, L.: ‘Honeypots: tracking hackers’ (Addison Wesley Longman Publishing Co., Inc., USA, 2002).
    3. 3)
      • 3. Joshi, C.R., Sardana, A.: ‘Honeypots a new paradigm to information security’ (Science Publishers, USA, 2011).
    4. 4)
      • 4. Kim, I.S., Kim, M.H.: ‘Agent-based honeynet framework for protecting servers in campus networks’, IET Inf. Sec., 2012, 6, (3), pp. 202211(9).
    5. 5)
      • 5. Grudziecki, T., Jacewicz, P., Juszczyk, Ł., et al: ‘Proactive detection of security incidents honeypots’ (ENISA Publication, Greece, 2012).
    6. 6)
      • 6. Balas, E., Viecco, C.: ‘Towards a third generation data capture architecture for honeynets’. Proc. from the Sixth Annual IEEE Systems, Man and Cybernetics (SMC) Information Assurance Workshop, West Point, NY, USA, 2005, pp. 2128.
    7. 7)
      • 7. Sokol, P., Kopcova, V.: ‘Lessons learned from correlation of honeypots’ data and spatial data’. Eighth Int. Conf. Electronics, Computers and Artificial Intelligence (ECAI), Ploiesti, Romania, 2016, pp. 18.
    8. 8)
      • 8. Canto, J., Dacier, M., Kirda, E., et al: ‘Large scale malware collection: lessons learned’. IEEE SRDS Workshop on Sharing Field Data and Experiment Measurements on Resilience of Distributed Computing Systems, Napoli, Italy, 2008.
    9. 9)
      • 9. Thonnard, O., Dacier, M.: ‘A framework for attack patterns’ discovery in honeynet data’. Digital Investigation, Baltimore, USA, 2008, pp. 128139.
    10. 10)
      • 10. Tang, M.J., Alazab, M., Luo, Y.: ‘Exploiting vulnerability disclosures: statistical framework and case study’. Cybersecurity and Cyberforensics Conf. (CCC), Amman, Jordan, 2016, pp. 117122.
    11. 11)
      • 11. Skrzewski, M.: ‘Network malware activity – a view from honeypot systems’. Computer Networks, Communications in Computer and Information Science, Szczyrk, Poland, 2012, pp. 198206.
    12. 12)
      • 12. Sochor, T., Zuzčák, M., Bujok, P.: ‘Analysis of attackers against windows emulating honeypots in various types of networks and regions’. Eighth Int. Conf. Ubiquitous and Future Networks (ICUFN), Vienna, Austria, 2016, pp. 863868.
    13. 13)
      • 13. Soldo, F., Le, A., Markopoulou, A.: ‘Blacklisting recommendation system: using spatio-temporal patterns to predict future attacks’, IEEE J. Sel. Areas Commun., 2011, 29, (7), pp. 14231437.
    14. 14)
      • 14. Sokol, P., Kleinova, L., Husak, M.: ‘Study of attack using honeypots and honeynets lessons learned from time-oriented visualization’. IEEE EUROCON 2015 – Int. Conf. Computer as a Tool (EUROCON), Salamanca, Spain, 2015, pp. 16.
    15. 15)
      • 15. ‘CZ-NIC LABS CSIRT.CZ – Kippo fork’. Available at, accessed April 2018.
    16. 16)
      • 16. ‘Service’. Available at, accessed April 2018.
    17. 17)
      • 17. Sochor, T., Zuzčák, M., Bujok, P.: ‘Statistical analysis of attacking autonomous systems’. Int. Conf. Cyber Security and Protection of Digital Services (Cyber Security), 2016, pp. 16.
    18. 18)
      • 18. ‘The World Bank’. Available at, accessed April 2018.
    19. 19)
      • 19. ‘Organisation for Economic Co-operation and Development (OECD)’. Available at, accessed April 2018.
    20. 20)
      • 20. ‘Eurostat’. Available at, accessed April 2018.
    21. 21)
      • 21. ‘Eurostat: ICT security in enterprises’. Available at, accessed April 2018.
    22. 22)
      • 22. MacQueen, J.: ‘Some methods for classification and analysis of multivariate observations’. Proc. Fifth Berkeley Symp. Mathematical Statistics and Probability, Berkeley, 1967, 1: Statistics, pp. 281297.
    23. 23)
      • 23. Hartigan, J.A., Wong, M.A.: ‘A K-means clustering algorithm’, J. R. Stat. Soc. Ser. C (Appl. Stat.), 1979, 28, (1), pp. 100108.
    24. 24)
      • 24. Hotelling, H.: ‘Analysis of a complex of statistical variables into principal components’, J. Educ. Psychol., 1933, 24, pp. 417441.
    25. 25)
      • 25. Zuzčák, M., Sochor, T.: ‘Behavioral analysis of bot activity in infected systems using honeypots’. Computer Networks, Communications in Computer and Information Science, Lądek Zdrój, Poland, 2017, pp. 118133.
    26. 26)
      • 26. Fichet, B.: ‘Distances and Euclidean distances for presence–absence characters and their application to factor analysis’. Proc. Workshop Multidimensional Data Analysis, Cambridge, 1986, pp. 2346.
    27. 27)
      • 27. Guha, S., Rastogi, R., Shim, K.: ‘ROCK: a robust clustering algorithm for categorical attributes’. Proc. 15th Int. Conf. Data Engineering, Sydney, NSW, Australia, 1999, pp. 512521.
    28. 28)
      • 28. Koyuturk, M., Grama, A., Ramakrishnan, N.: ‘Compression, clustering, and pattern discovery in very high-dimensional discrete-attribute data sets’, IEEE Trans. Knowl. Data Eng., 2005, 17, (4), pp. 447461.
    29. 29)
      • 29. Hardoon, D.R., Szedmak, S., Shawe-Taylor, J.: ‘Canonical correlation analysis: an overview with application to learning methods’, Neural Comput., 2004, 16, (12), pp. 26392664.
    30. 30)
      • 30. González, I., Déjean, S., Martin, P., et al: ‘CCA: an R package to extend canonical correlation analysis’, J. Stat. Softw., 2008, 23, (12), pp. 114.
    31. 31)
      • 31. Wold, H.: ‘Models for knowledge’, in Gani, J. (Ed.): ‘The making of statisticians’ (Springer-Verlag, New York, USA, 1982), pp. 189212.
    32. 32)
      • 32. Geladi, P.: ‘Notes on the history and nature of partial least squares (PLS) modelling’, J. Chemometr., 1988, 2, (4), pp. 231246.
    33. 33)
      • 33. Tenenhaus, M., Vinzi, V.E.: ‘PLS regression, PLS path modeling and generalized Procrustean analysis: a combined approach for multiblock analysis’, J. Chemometr., 2005, 19, pp. 145153.
    34. 34)
      • 34. Sanchez, G.: ‘PLS path modeling with R’, Trowchez Editions, Berkeley, 2013.
    35. 35)
      • 35. Ihaka, R., Gentleman, R.: ‘A language for data analysis and graphics’, J. Comput. Graph. Stat., 1996, 5, (3), pp. 299314.
    36. 36)
      • 36. ‘Introduction to the R package plspms’. Available at, accessed April 2018.
    37. 37)
      • 37. Zanin, L.: ‘Detecting unobserved heterogeneity in the relationship between subjective well-being and satisfaction in various domains of life using the REBUS-PLS path modelling approach: a case study’, Soc. Indicators Res., 2011, 110, (1), pp. 281304.
    38. 38)
      • 38. ‘HoneyNED chapter had a busy 2017’. Available at, accessed April 2018.
    39. 39)
      • 39. ‘National Cyber Security Centre’. Available at, accessed April 2018.

Related content

This is a required field
Please enter a valid email address