Difference between revisions of "Group01 Dataset Overview"
(Created page with "LINK TO PROJECT GROUPS:<br /> Please Click Here -> [https://wiki.smu.edu.sg/1718t3isss608/Project_Groups] <!--MAIN HEADER --> <div style="background:-webkit-gradient(linear,...") |
|||
| Line 57: | Line 57: | ||
|} | |} | ||
| + | |||
| + | |||
| + | ==What is Honeypot?== | ||
| + | In simple terms, Honeypot is a trap for network attacks, and it records the IP addresses of such attacks.<br /> | ||
| + | |||
| + | As described by Amazon Web Service (AWS)[https://docs.aws.amazon.com/solutions/latest/aws-waf-security-automations/architecture.html], a honey pot is a security mechanism intended to lure and deflect an attempted attack. AWS’s honey pot is a trap point that one can insert into website to detect inbound requests from content scrapers and bad bots. The IP addresses are recorded if a source accesses the honeypot. | ||
| + | |||
| + | ==Overview of the AWS Honeypot Cyberattack== | ||
| + | The test dataset of AWS Honeypot Cyberattack is retrieved from Kaggle,[https://www.kaggle.com/casimian2000/aws-honeypot-attack-data/data%20 https://www.kaggle.com/casimian2000/aws-honeypot-attack-data/data ] <br /> | ||
| + | <br /> | ||
| + | |||
| + | We use Tableau Prep to run an overview of the data before any analysis. | ||
| + | |||
| + | |||
| + | ==Analysis of Data fields== | ||
| + | |||
| + | The interpretation of the data sets have been assisted with below reference. | ||
| + | https://emreovunc.com/projects/honeypots_data_analysis.pdf | ||
| + | https://www.kaggle.com/jonathanbouchet/aws-honeypot/notebook | ||
| + | |||
| + | |||
| + | |||
| + | ==What to analysis?== | ||
| + | Without a doubt, the dataset requires data cleaning as the work proceeds. However, based on the analysis of the field, it is clear that | ||
| + | * The targets/destinations are 8 different servers (host) | ||
| + | * The attackers are from various sources around the world | ||
| + | # IP addresses | ||
| + | # Counties + cities | ||
| + | # Postcode + Geographic data | ||
| + | * Time log is available | ||
| + | |||
| + | We can run a few analyses | ||
| + | * Basic statistics of the data | ||
| + | * Advance visualisation of the data | ||
| + | * Animation of attacks showing “Origin Vs Destination” over the time log | ||
Revision as of 22:02, 22 July 2018
LINK TO PROJECT GROUPS:
Please Click Here -> [1]
|
|
|
|
|
|
|
|
|
|
Contents
What is Honeypot?
In simple terms, Honeypot is a trap for network attacks, and it records the IP addresses of such attacks.
As described by Amazon Web Service (AWS)[2], a honey pot is a security mechanism intended to lure and deflect an attempted attack. AWS’s honey pot is a trap point that one can insert into website to detect inbound requests from content scrapers and bad bots. The IP addresses are recorded if a source accesses the honeypot.
Overview of the AWS Honeypot Cyberattack
The test dataset of AWS Honeypot Cyberattack is retrieved from Kaggle,https://www.kaggle.com/casimian2000/aws-honeypot-attack-data/data
We use Tableau Prep to run an overview of the data before any analysis.
Analysis of Data fields
The interpretation of the data sets have been assisted with below reference. https://emreovunc.com/projects/honeypots_data_analysis.pdf https://www.kaggle.com/jonathanbouchet/aws-honeypot/notebook
What to analysis?
Without a doubt, the dataset requires data cleaning as the work proceeds. However, based on the analysis of the field, it is clear that
- The targets/destinations are 8 different servers (host)
- The attackers are from various sources around the world
- IP addresses
- Counties + cities
- Postcode + Geographic data
- Time log is available
We can run a few analyses
- Basic statistics of the data
- Advance visualisation of the data
- Animation of attacks showing “Origin Vs Destination” over the time log
