Detecting User Behavior in Cyber Threat Intelligence: Development of Honeypsy System
| dc.contributor.author | Murat Odemis | |
| dc.contributor.author | Cagatay Yucel | |
| dc.contributor.author | Ahmet Hasan Koltuksuz | |
| dc.contributor.author | Yucel, Cagatay | |
| dc.contributor.author | Odemis, Murat | |
| dc.contributor.author | Koltuksuz, Ahmet | |
| dc.date.accessioned | 2025-10-06T17:50:12Z | |
| dc.date.issued | 2022 | |
| dc.description.abstract | This research demonstrates a design of an experiment of a hacker infiltrating a server where it is assumed that the communication between the hacker and the target server is established and the hacker also escalated his rights on the server. Therefore the honeypot server setup has been designed to reveal the correlation of a hacker's actions with that of the hacker's experience personality expertise and psychology. To the best of our knowledge such a design of experiment has never been tested rigorously on a honeypot implementation except for self-reporting tests applied to hackers in the literature. However no study evaluates the actual data of these hackers and these tests. This study also provides a honeypot design to understand the personality and expertise of the hacker and displays the correlation of these data with the tests. Our Honeypsy system is composed of a Big-5 personality test a cyber expertise test and a capture-the-flag (CTF) event to collect logs with honeypot applied in this sequence. These three steps generate data on the expertise and psychology of known cyber hackers. The logs of the known hacker activities on honeypots are obtained through the CTF event that they have participated in. The design and deployment of a honeypot as well as the CTF event were specifically prepared for this research. Our aim is to predict an unknown hacker's expertise and personality by analyzing these data. By examining/analyzing the data of the known hackers it is now possible to make predictions about the expertise and personality of the unknown hackers. The same logic applies when one tries to predict the next move of the unknown hackers attacking the server. We have aimed to underline the details of the personalities and expertise of hackers and thus help the defense experts of victimized institutions to develop their cyber defense strategies in accordance with the modus operandi of the hackers. © 2022 Elsevier B.V. All rights reserved. | |
| dc.description.sponsorship | European Union [830943] | |
| dc.description.sponsorship | Horizon 2020 Framework Programme, H2020, (830943) | |
| dc.description.sponsorship | As this work is part of an ongoing Ph.D. research, the authors would like to express their gratitude to thesis jury committee members Dr. Beyazit, Dr. Kose, and Dr. Eren. This work has received funding from the European Unions Horizon 2020 research and innovation program, under the Grant agreement no. 830943(ECHO). | |
| dc.identifier.doi | 10.1155/2022/7620125 | |
| dc.identifier.issn | 19390114, 19390122 | |
| dc.identifier.issn | 1939-0114 | |
| dc.identifier.issn | 1939-0122 | |
| dc.identifier.scopus | 2-s2.0-85124393262 | |
| dc.identifier.uri | https://www.scopus.com/inward/record.uri?eid=2-s2.0-85124393262&doi=10.1155%2F2022%2F7620125&partnerID=40&md5=8bd3f75e1aba2f0fa7f1908fd09553e9 | |
| dc.identifier.uri | https://gcris.yasar.edu.tr/handle/123456789/8836 | |
| dc.identifier.uri | https://doi.org/10.1155/2022/7620125 | |
| dc.language.iso | English | |
| dc.publisher | Hindawi Limited | |
| dc.relation.ispartof | Security and Communication Networks | |
| dc.rights | info:eu-repo/semantics/openAccess | |
| dc.source | Security and Communication Networks | |
| dc.subject | Behavioral Research, Design Of Experiments, Forecasting, Network Security, Testing, Capture The Flag, Cyber Threats, Cyber-defense, Defense Strategy, Honeypots, Modus Operandi, Personality Tests, Self-reporting, User Behaviors, Personal Computing | |
| dc.subject | Behavioral research, Design of experiments, Forecasting, Network security, Testing, Capture the flag, Cyber threats, Cyber-defense, Defense strategy, Honeypots, Modus operandi, Personality tests, Self-reporting, User behaviors, Personal computing | |
| dc.title | Detecting User Behavior in Cyber Threat Intelligence: Development of Honeypsy System | |
| dc.type | Article | |
| dspace.entity.type | Publication | |
| gdc.author.id | Yücel, Çağatay/0000-0002-4901-5954 | |
| gdc.author.id | Koltuksuz, Ahmet Hasan/0000-0002-2205-6238 | |
| gdc.author.scopusid | 57195415972 | |
| gdc.author.scopusid | 56285502500 | |
| gdc.author.scopusid | 13408802300 | |
| gdc.bip.impulseclass | C4 | |
| gdc.bip.influenceclass | C5 | |
| gdc.bip.popularityclass | C4 | |
| gdc.coar.type | text::journal::journal article | |
| gdc.collaboration.industrial | false | |
| gdc.description.department | ||
| gdc.description.departmenttemp | [Odemis, Murat; Koltuksuz, Ahmet] Yasar Univ, Dept Comp Engn, TR-35530 Izmir, Turkey; [Yucel, Cagatay] Bournemouth Univ, Dept Comp & Informat, Poole BH12 5BB, Dorset, England | |
| gdc.description.endpage | 28 | |
| gdc.description.publicationcategory | Makale - Uluslararası Hakemli Dergi - Kurum Öğretim Elemanı | |
| gdc.description.startpage | 1 | |
| gdc.description.volume | 2022 | |
| gdc.description.woscitationindex | Science Citation Index Expanded - Social Science Citation Index | |
| gdc.identifier.openalex | W4210488927 | |
| gdc.identifier.wos | WOS:000774906500003 | |
| gdc.index.type | Scopus | |
| gdc.index.type | WoS | |
| gdc.oaire.accesstype | GOLD | |
| gdc.oaire.diamondjournal | false | |
| gdc.oaire.downloads | 4 | |
| gdc.oaire.impulse | 6.0 | |
| gdc.oaire.influence | 2.7600309E-9 | |
| gdc.oaire.isgreen | true | |
| gdc.oaire.popularity | 6.3153855E-9 | |
| gdc.oaire.publicfunded | false | |
| gdc.oaire.sciencefields | 0202 electrical engineering, electronic engineering, information engineering | |
| gdc.oaire.sciencefields | 02 engineering and technology | |
| gdc.oaire.views | 0 | |
| gdc.openalex.collaboration | International | |
| gdc.openalex.fwci | 1.1418 | |
| gdc.openalex.normalizedpercentile | 0.78 | |
| gdc.opencitations.count | 6 | |
| gdc.plumx.mendeley | 38 | |
| gdc.plumx.newscount | 4 | |
| gdc.plumx.scopuscites | 8 | |
| gdc.scopus.citedcount | 8 | |
| gdc.virtual.author | Ödemiş, Murat | |
| gdc.virtual.author | Yücel, Çağatay | |
| gdc.virtual.author | Koltuksuz, Ahmet Hasan | |
| gdc.wos.citedcount | 8 | |
| person.identifier.scopus-author-id | Odemis- Murat (57195415972), Yucel- Cagatay (56285502500), Koltuksuz- Ahmet Hasan (13408802300) | |
| publicationvolume.volumeNumber | 2022 | |
| relation.isAuthorOfPublication | 06bfcd18-b51a-435f-bda8-5a840c61bfbc | |
| relation.isAuthorOfPublication | 516a87df-891f-458d-994e-b459294fda36 | |
| relation.isAuthorOfPublication | 0a146451-eb5a-43c9-bfca-979da9ee51d7 | |
| relation.isAuthorOfPublication.latestForDiscovery | 06bfcd18-b51a-435f-bda8-5a840c61bfbc | |
| relation.isOrgUnitOfPublication | ac5ddece-c76d-476d-ab30-e4d3029dee37 | |
| relation.isOrgUnitOfPublication.latestForDiscovery | ac5ddece-c76d-476d-ab30-e4d3029dee37 |