The Use of Honeypot in Machine Learning Based on Malware Detection: A Review

2020 
A very significant increase in the spread of malware has made signature-matching approaches and heuristic methods no longer suitable for malware analysis. Recently, many researchers have proposed machine learning approaches instead. Machine learning is considered a more effective and efficient way to detect malware than conventional approaches. At the same time, researchers have proposed the honeypot as a device capable of gathering malware information. A honeypot is designed as a malware trap and is placed on the system provided. It then records events to detect and gather information about the attacker's activities and identity. This paper aims to investigate the use of honeypots in machine learning to detect malware. The Systematic Literature Review (SLR) method was used to identify 684 papers in the IEEE Xplore database and ACM Digital Library based on automatic searches and predefined strings. Then 11 papers were selected for investigation based on inclusion and exclusion criteria. From the results of the literature review, it can be concluded that the use of honeypots in machine-learning-based malware detection increased from 2017 to 2019. The technique used by most researchers is to utilize available honeypot datasets. Meanwhile, based on the type of malware analyzed, honeypots in machine learning are mostly used to collect IoT-based malware.