Automated Cyber Threat Intelligence Generation from Honeypot Data

The evolving of advance cyber threats requires the cyber security specialist and system analyst to detect, analyse and timely react against such kind of cyber attacks. In real practical scenario, the timely dissemination of attack information is a challenge and that is not possible without cyber threat intelligence with inclusion of deep analysis of attack features and attack contextual information. In this paper, automated proactive approach for cyber threat intelligence generation is presented integrated with standard data sharing formats that can act as attack indicator for the security defence mechanism put in place in an organization such as SIEM. The strength of Honeypot-based approaches for cyber threat intelligence is proven with well-defined use cases. The capabilities of Honeypots to detect zero-day attacks can be benefited if and only if the attack events are timely digested by the security solutions and that is only possible by sharing the attack events in standard data sharing languages. The developed system is fully automated that include captured attack data is processed by various automated analysis engines, augmenting the contextual information and applying deep learning models for later threat prediction. Finally, we propose a system design incorporating deep learning neural network-based cyber threat intelligence generation for cyber threat prediction. To achieve all these, cluster of VM Honeypots are deployed in a public IP4 network.