
Causal analysis of attacks against honeypots based on properties of countries

This study examines how the attributes of a country influence the number of secure shell (SSH) attacks originating from it, as detected by the author's honeynet. Four statistical models are described, based on three sources of data from various countries. The studied attributes of the countries can be broadly divided into demographic, technological, and economic, with each source providing a slightly different set of attributes. Statistical methods such as partial least-squares path modelling are used, with countries clustered by their assessed similarity. Population size has the greatest effect on the number of attacks, as expected, though it has to be noted that developing countries did not provide relevant data to the sources used and thus were not included. The next most influential attributes were technical, such as access to information and communication technologies (ICT) and the use of ICT, with the economic influence being notable only in rather small countries. The Netherlands was an interesting anomaly, being clustered alongside large countries, even though its country attributes were very much like those of its neighbours.

