Data Analysis

Another challenge with honeypots is analyzing all the data they collect and turning that into useful information. When a honeypot is attacked, what data is critical, what can we learn about the attacker, and what can we learn about our own security mechanisms? Different honeypots collect different amounts and types of data. Low-interaction honeypots collect limited information, primarily transactional data about connections to and from the emulated services. For low-interaction honeypots, data analysis is simple because there is little data to analyze. High-interaction honeypots represent the other extreme: They can collect vast amounts of data. This data also comes in various forms, from system logs, network packet captures, and ...
