Computer Engineering Master's research project, Trinity College Dublin. Corresponds to the Master's research project dissertation.
A containerised cyber-incident monitoring system based on Dockerised Cowrie honeypot.
The research environment in question was hosted on 2 AWS EC2 instances:
- 1 for hosting the containerised honeypot network;
- 1 for hosting tools for the remote monitoring, logging and visualisation of honeypot data.
The novel component of this solution is a highly deployable, pre-configured network of honeypots. Honeypots are capable of providing active threat detection in IT infrastructures. Using this solution, a fully-networked system of interconnected honeypots can be deployed within a matter of minutes on a Linux-based OS supporting Docker, given a good internet connection.
Attack event data captured by this system has the potential to provide enhanced threat intelligence by giving system administrators (i) concise descriptions of complex threat data, and (ii) rapid alert generation. It is proposed that this makes active network defence mechanisms such as honeypots more feasible for practical deployment in enterprise-level networks.
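As an illustration of the two outputs described above (concise descriptions of threat data and rapid alerts), the following is an added example and not code from this project or from Cowrie. It reads Cowrie's line-delimited JSON log (the `eventid` names and field names such as `session`, `src_ip`, `sensor` and `duration` are those Cowrie emits in `cowrie.json`), folds the events into per-session summaries, and derives alerts from them. The sample log lines are constructed for the example, and the severity rules and the `failed_threshold` value are assumptions chosen for illustration, not part of the original system.

```python
import json

# Constructed sample of Cowrie JSON log lines. The eventid values and field
# names follow Cowrie's cowrie.json format; the addresses, session ids and
# timestamps are made up for this example.
SAMPLE_LOG = """\
{"eventid":"cowrie.session.connect","src_ip":"198.51.100.23","src_port":51234,"dst_port":2222,"session":"a1b2c3d4e5f6","timestamp":"2023-03-01T10:00:00.000000Z","sensor":"honeypot-1"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","src_ip":"198.51.100.23","session":"a1b2c3d4e5f6","timestamp":"2023-03-01T10:00:01.000000Z","sensor":"honeypot-1"}
{"eventid":"cowrie.login.failed","username":"root","password":"password","src_ip":"198.51.100.23","session":"a1b2c3d4e5f6","timestamp":"2023-03-01T10:00:02.000000Z","sensor":"honeypot-1"}
{"eventid":"cowrie.login.success","username":"root","password":"toor","src_ip":"198.51.100.23","session":"a1b2c3d4e5f6","timestamp":"2023-03-01T10:00:03.000000Z","sensor":"honeypot-1"}
{"eventid":"cowrie.command.input","input":"uname -a","src_ip":"198.51.100.23","session":"a1b2c3d4e5f6","timestamp":"2023-03-01T10:00:04.000000Z","sensor":"honeypot-1"}
{"eventid":"cowrie.command.input","input":"id","src_ip":"198.51.100.23","session":"a1b2c3d4e5f6","timestamp":"2023-03-01T10:00:05.000000Z","sensor":"honeypot-1"}
{"eventid":"cowrie.session.closed","duration":6.1,"src_ip":"198.51.100.23","session":"a1b2c3d4e5f6","timestamp":"2023-03-01T10:00:06.000000Z","sensor":"honeypot-1"}
{"eventid":"cowrie.session.connect","src_ip":"203.0.113.9","src_port":40001,"dst_port":2222,"session":"ffeeddccbbaa","timestamp":"2023-03-01T10:05:00.000000Z","sensor":"honeypot-2"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","src_ip":"203.0.113.9","session":"ffeeddccbbaa","timestamp":"2023-03-01T10:05:01.000000Z","sensor":"honeypot-2"}
this line is not JSON and should be skipped
{"eventid":"cowrie.session.closed","duration":1.5,"src_ip":"203.0.113.9","session":"ffeeddccbbaa","timestamp":"2023-03-01T10:05:02.000000Z","sensor":"honeypot-2"}
"""


def parse_events(text):
    """Parse line-delimited JSON; malformed lines are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def summarise_sessions(events):
    """Fold individual events into one compact record per honeypot session."""
    sessions = {}
    for ev in events:
        sid = ev.get("session")
        if not sid:
            continue
        s = sessions.setdefault(sid, {
            "session": sid, "src_ip": ev.get("src_ip"), "sensor": ev.get("sensor"),
            "failed_logins": 0, "login_success": None, "commands": [],
            "downloads": 0, "duration": None,
        })
        eid = ev.get("eventid")
        if eid == "cowrie.login.failed":
            s["failed_logins"] += 1
        elif eid == "cowrie.login.success":
            s["login_success"] = (ev.get("username"), ev.get("password"))
        elif eid == "cowrie.command.input":
            s["commands"].append(ev.get("input", ""))
        elif eid == "cowrie.session.file_download":
            s["downloads"] += 1
        elif eid == "cowrie.session.closed":
            s["duration"] = ev.get("duration")
    return sessions


def describe(s):
    """One-line human-readable description of a session summary."""
    parts = [f"{s['src_ip']} on {s['sensor']}: {s['failed_logins']} failed login(s)"]
    if s["login_success"]:
        parts.append(f"logged in as {s['login_success'][0]!r}")
    if s["commands"]:
        parts.append(f"ran {len(s['commands'])} command(s): " + "; ".join(s["commands"][:3]))
    if s["downloads"]:
        parts.append(f"{s['downloads']} file download(s)")
    return ", ".join(parts)


def alerts(sessions, failed_threshold=5):
    """Derive (severity, session, src_ip, reason) alerts. Rules are illustrative assumptions."""
    out = []
    for s in sessions.values():
        reasons = []
        if s["downloads"]:
            reasons.append(("HIGH", f"{s['downloads']} file download(s)"))
        if s["login_success"] and s["commands"]:
            reasons.append(("HIGH", "successful login with interactive commands"))
        elif s["login_success"]:
            reasons.append(("MEDIUM", "successful login"))
        if s["failed_logins"] >= failed_threshold:
            reasons.append(("LOW", f"{s['failed_logins']} failed logins (possible brute force)"))
        for severity, why in reasons:
            out.append((severity, s["session"], s["src_ip"], why))
    return out


if __name__ == "__main__":
    sessions = summarise_sessions(parse_events(SAMPLE_LOG))
    for s in sessions.values():
        print(describe(s))
    for a in alerts(sessions):
        print("ALERT", *a)
```

In a live deployment the same functions would be fed from a tail of `cowrie.json` on the honeypot host, or from the log shipper on the monitoring instance, rather than from an embedded string; the per-session summary is what would be forwarded to the visualisation tooling, and the alert tuples are what a notification channel would consume.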
Huge thanks to @micheloosterhof and all contributors to the Cowrie project, which formed the basis of the containerised honeynet.