Suggesting a Honeypot Design to Capture Hacker Psychology- Personality and Sophistication

Abstract

The benefits of collaborating across disciplines such as social sciences applied statistics and computer science primarily affect the security arena regarding the fields of open source intelligence information warfare and strategic studies of security. Computer science and psychology are becoming more and more involved with the advancements in big data analytics. Contemporary studies in this intersection show that personality traits such as neuroticism extroversion openness agreeableness and conscientiousness can be predicted through sensors logs and active user behaviors. In the security systems it is now a need for psychoanalysis to become more proactive as it plays an important role in the understanding of a cyber threat. The research question that leads the suggestions in this paper is How much can be learned from logs honeypots and collected security-related data about a hacker's psychology personality and sophistication? Hackers' traits have been investigated in the following dimensions: persistence skill greed motivation confidence and stealth. Honeypots have been designed to create a passive trap for the adversaries. This unlocks and reveals actionable information about the adversaries regarding their identities locations types of attacks they choose to use and their motivations. When a standard private honeypot server is online it will fill out its logs with many attacks from botnets and other automated malicious activities within a short time. In this mass production of logs and activities the quantity within the collection of useful information becomes unfeasible to have gathered without such a program. So far honeypots have been categorized according to their interaction levels and service types. A low-interaction honeypot emulates a few steps and replies of the vulnerable network protocol and the network stack is imitated while a high-interaction honeypot provides a full experience of the service for which it is designed. The amount of transferred data number of failed logins CPU and memory usage and the search sophistication levels are the characteristics which can be derived from a honeypot. This work-in-progress study will detail the specifications of a special type of honeypot that is designed to capture the aforementioned characteristics and sophistication of a hacker.