ENHANCING DECEPTION IN REALISTIC HTTP HONEYPOTS TO STIMULATE AND REVEAL ATTACKER BEHAVIOR THROUGH ATTACK SESSION-BASED ANALYSIS

Abstract

The digital transformation era has dramatically increased the global dependency on web services, consequently elevating the risks associated with cybersecurity threats. As the integration of digital technologies into business operations becomes more prevalent, the sophistication of cyber threats continues to evolve, targeting vulnerabilities across various digital platforms. This research aims to address these escalating security challenges by enhancing the deceptive capabilities of honeypots, thereby improving the detection and analysis of sophisticated cyberattacks. Specifically, this study integrates vulnerabilities listed in the OWASP Top 10 2021 and employs the MITRE ATT&CK framework to develop a honeypot that not only simulates real-world systems but also provides a structured analysis of attacker tactics, techniques, and procedures (TTPs). This approach promises to increase the engagement of attackers with honeypots, thereby enriching the data available for enhancing cybersecurity measures. The literature review reveals a significant reliance on honeypots to capture and analyze advanced threats, highlighting their evolving role in the cybersecurity landscape. This study contributes to the field by proposing a refined honeypot model that leverages established security frameworks to offer more realistic interactions and comprehensive threat analyses. The expected outcome is to provide deeper insights into cyber attacker behaviors, thus supporting the development of more effective cybersecurity strategies to protect against a broader spectrum of cyber threats.