Report available! Collaborative Honeynet Threat Sharing Platform

With the continuous rise of cyber security threats, monitoring potential security threats and attacks has become essential to planning cyber defense. A honeypot, a decoy system designed to lure attackers, has been used to track and learn attackers' behavior. Collecting attackers' interactions with honeypots at different locations inside different organizations' premises provides a useful and more complete picture of the current cyber security threat landscape. The logs of attacks on the honeypots become essential cyber security threat information that can be shared with security incident analysts at different organizations to provide relevant and contextual threat intelligence.

The goal of this project is to develop and implement a collaborative honeynet threat sharing platform that can collect and store threat information, add contextual information pertaining to each threat, and share this threat information with the relevant organizations. This project continues the previous year's project, with additional types of honeypots added to the collection of honeypot sensors. In addition, new threat categories, threat purposes and threat phases have been added to define more fine-grained secure shell (SSH) attacks seen in our honeypots. With the new public dashboard now ready for public view, our hope is that more organizations in Indonesia, as well as organizations in ASEAN countries, will be interested in participating in the project in a collaborative effort to share and exchange threat information, which could potentially be used as a cyber defense platform for each of the participating organizations.

The project achieved the following objectives:

  1. Develop a collaborative repository platform for storing honeynet-based threat information. The project allows any individual or organization to participate in community-based threat information sharing based on the honeynet system. There are 4 honeypots currently implemented, i.e., Cowrie, Dionaea, Elastichoney, and Conpot.
  2. Redesign and develop a more robust repository and visualization platform that allows security analysts to add to and enrich existing security threat information with the results of their analysis of the security events or of objects related to those events. The repository platform uses a MongoDB database cluster, while the visualization platform also uses a cluster setup to distribute search tasks across cluster servers, improving the overall user experience of the platform.
  3. Build an enhanced platform that allows organizations to share and exchange security threat information with other organizations. The platform enables threat information to be exchanged with the cyber security community through TAXII services in a standardized format, or through the open-source threat intelligence platform MISP (Malware Information Sharing Platform).

The project was led by Charles Lim from Swiss German University (SGU) and builds on years of collaboration to support the Honeynet Project Indonesia Chapter (IHP), in partnership with the Ministry of Communication and Informatics (KOMINFO) and Badan Siber & Sandi Negara (BSSN). It is also an expansion of a previous ISIF Asia grant allocated in 2019.

The final report is available here.

Published by

Sylvia Cadena - ISIF Asia secretariat

After ten years managing the Information Society Innovation Fund (ISIF) at APNIC, Sylvia was appointed Head of Programs at the APNIC Foundation in December 2016. As Head of Programs, Sylvia works on the management, design and implementation of collaborative programs to expand APNIC’s capacity building efforts and its overall Development Program. At ISIF Asia, Sylvia continues to lead a grants and awards program that seeks to empower communities in the Asia Pacific to research, design and implement Internet-based solutions for their own needs. One of the region’s most established Internet development programs, ISIF places particular emphasis on the positive role the Internet has on social and economic development in the Asia Pacific. Sylvia also leads APNIC’s engagement with the Seed Alliance, a global collaboration with the African (AFRINIC) and South American (LACNIC) Internet registries. Together with its funding partners, and various regional sponsors, the Seed Alliance supports innovative Internet development across the global south. She is also a member of the ICANN CCWG on new gTLD auction proceeds and co-chair of the APrIGF. Throughout her career, Sylvia has focused on the strategic use of the Internet for development with an emphasis on capacity building. Since her early years as a UN Volunteer, she has worked across the multi-stakeholder spectrum of organizations with technical and advisory roles, mainly about information systems, access provision and innovation. In July 2003, her work was recognized with the "Annual Award for Young Professionals" by the International Development Research Center (IDRC).