Long-Term Study of Honeypots in a Public Cloud
- Rakshit Agrawal ,
- Jack W. Stokes ,
- Lukas Rist ,
- Ryan Littlefield ,
- Xun Fan ,
- Ken Hollis ,
- Zane Coppedge ,
- Noah Chesterman ,
- Christian Seifert
2022 52nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks |
Published by IEEE | Organized by IEEE
Public cloud hosting environments offer convenient computation and storage resources for cloud service providers, and these resources are also beneficial for adversaries to host malicious web-based attacks. As a result, cloud-based virtual machines are often attacked. In the paper, we conduct a long-term deployment and analysis of honeypots in a public cloud hosting environment. In particular, we deploy five low-interaction honeypots and one medium-interaction honeypot and measure the attack patterns over eleven months. In our study, we found that the low-interaction honeypots were attacked repeatedly, but the activity on the medium-interaction honeypot was small. We first provide an overview of the attack traffic activity. We then use Latent Dirichlet Allocation (LDA) to discover topics in the log data.