The DAP Journey: Kkuldanji

Kkuldanji. It literally means “Honey Pots” in Korean.

Belle Lee
SMUBIA
4 min read · May 6, 2019

In this Medium series, BIA extracts the introspection of our Data Associates as they recall their academic exploration. This post features an analytics project on Honey Pots, directed by Belle & Ding Yang, supervised by Darren & Zoe.

Photo from Threatpost

Joining the SMU Business Intelligence Analytics — Data Associate Program, our team has come together to work on visualization with a focus on Honeypots. Our team comprises Belle, Darren, Ding Yang & Zoe.

Meet the Team

Belle
Year 1, School of Information Systems

Analytics has been something I have wanted to pursue for the past 4 years, and I aim to reduce my knowledge gap in visual analytics. I hope that through my experience with BIA, I am able to better understand analytics and the process of analysing information. I have learnt many skills through engaging in BIA, but I still want to be able to apply what I have learnt, rather than just absorbing. My personal objective is to learn how to use the different visualisations and see how they differ from each other.

Darren
Year 2, School of Information Systems, Events Director for BIA

With the aim of further exploring the various visualization tools, I took up this DAP project. Visualization tools help us better understand the data sets and generate new insights, which ultimately help in decision making. Honeypot is a new concept to me, and I look forward to collecting useful data points which can help users better protect themselves from potential hackers.

Ding Yang
Year 1, School of Information Systems

I joined BIA with the intention to expand my skill sets in data analytics. I have always wanted to grasp machine learning concepts, but I never really dived into or prioritised it. Hence, joining BIA serves as a form of motivation to continuously keep up with my learning progress. Moreover, this also allows me to contribute to the community by doing my part in the book club to master the designated machine learning topics.

As there is an increasing trend in the use of machine learning in cybersecurity, I would like to contribute to this movement to enhance current cybersecurity practices.

Zoe
Year 2, School of Business, Marketing Director for BIA

I joined this DAP project with the aim of working on visualization amongst other skill sets. Visualization is an intriguing aspect for me as people are mostly visual learners, and it turns data into meaningful information. With talented mentees like Ding Yang & Belle and co-mentor Darren, I’m thrilled to see where this project will take us!

Photo by Florian Olivo on Unsplash

Introduction to Honeypots

Honeypots are very useful, especially when deployed behind your firewall, where they catch internal scanning hosts and act as an early warning system.

Data collected from honeypots and network sensors is useful, especially at scale, for feeding threat feeds and reputation engines and for tracking attack trends through data analysis. This offers a powerful and exciting way of learning about attackers’ presence and methods. Honeypots contribute to a security program that incorporates deception.

Although some may say that honeypots do not have much use for real-world purposes, they are a great tool for beginners who are just starting out in cybersecurity to learn about attacker habits and patterns.

What we are doing

This project will focus on honeypot data we have gathered from the honeypots deployed online. We would like to scrape this data to find out if there are cool features we can use to create a storyboard.

A honeypot is a system placed on a network for the purpose of having attackers connect to it. Because connections to such a system are not usually legitimate, detailed logging of them allows a network defender to detect the attacker.

These logs can reveal not only normal connection information but also session information showing the tactics, techniques and procedures (TTPs) used by the attacker.

What we want to achieve (milestones)

  • Collect data
  • Scrape
  • Link IP to LongLat
  • Map LongLat
  • Create a story

What are the data sets we are using:

  • Total Number of Connections
  • Top Username and Passwords
  • IP addresses of where the attacks are coming from
  • Changing IP addresses to country codes
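The data sets listed above can be derived from honeypot logs roughly as follows. This is an added example, not the team's own code: the JSON-lines log layout, field names, sample records and the prefix-to-country table (standing in for a real GeoIP database) are all constructed for illustration.

```python
import ipaddress
import json
from collections import Counter

# Constructed sample in a hypothetical JSON-lines layout (field names are
# assumptions). Source IPs are RFC 5737 documentation addresses.
SAMPLE_LOG = """\
{"event": "connect", "src_ip": "192.0.2.10"}
{"event": "login", "src_ip": "192.0.2.10", "username": "root", "password": "123456"}
{"event": "login", "src_ip": "192.0.2.10", "username": "root", "password": "admin"}
{"event": "connect", "src_ip": "198.51.100.7"}
{"event": "login", "src_ip": "198.51.100.7", "username": "admin", "password": "admin"}
{"event": "connect", "src_ip": "203.0.113.99"}
{"event": "login", "src_ip": "203.0.113.99", "username": "root", "password": "123456"}
{"event": "login", "src_ip": "203.0.113
{"event": "connect", "src_ip": "192.0.2.10"}
"""

# Constructed prefix table standing in for a real GeoIP database.
# XA/XB are placeholder codes; ZZ marks "unknown".
GEO_TABLE = {
    ipaddress.ip_network("192.0.2.0/24"): "XA",
    ipaddress.ip_network("198.51.100.0/24"): "XB",
}

def country_of(ip):
    """Map an IP string to a country code using the constructed table."""
    addr = ipaddress.ip_address(ip)
    return next((cc for net, cc in GEO_TABLE.items() if addr in net), "ZZ")

def summarise(log_text):
    """Return connection total, credential counts, source IPs and countries."""
    out = {"connections": 0, "skipped": 0, "usernames": Counter(),
           "passwords": Counter(), "sources": Counter(), "countries": Counter()}
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
            ip = str(ipaddress.ip_address(rec["src_ip"]))  # validate address
        except (ValueError, KeyError, TypeError):
            out["skipped"] += 1  # truncated or malformed record
            continue
        if rec.get("event") == "connect":
            out["connections"] += 1
            out["sources"][ip] += 1
            out["countries"][country_of(ip)] += 1
        elif rec.get("event") == "login":
            out["usernames"][str(rec.get("username"))] += 1
            out["passwords"][str(rec.get("password"))] += 1
    return out
```

Calling `summarise(SAMPLE_LOG)` returns the four data sets as counters, plus a count of records that were skipped because they were truncated or malformed.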

Hopefully, after our research, we can deduce some insights about how attackers work and contribute to the cybersecurity landscape in Singapore. Bye for now!
