DORA: Dionaea Observation and Data Collection Analysis for Real-Time Cyberattack Surveillance and Threat Intelligence

Bibliographic Details
Main Authors: Hartinah Hartinah, Andi Syarwani, Ardiansyah Ardiansyah, Irfan Syamsuddin
Format: Article
Language: English
Published: Prague University of Economics and Business 2025-08-01
Series: Acta Informatica Pragensia
Online Access: https://aip.vse.cz/artkey/aip-202503-0011_dora-dionaea-observation-and-data-collection-analysis-for-real-time-cyberattack-surveillance-and-threat-intell.php
collection DOAJ
description Background: As assaults get more sophisticated, honeypots like Dionaea become an essential tool for analysing attack behaviours and detecting weaknesses. Despite their growing importance in cybersecurity, honeypots' role in real-time cyberattack surveillance and threat intelligence is largely unknown. Many studies concentrate on identifying attacks rather than delivering actionable intelligence for defensive solutions. Furthermore, previous research frequently lacks thorough methodology for comparing attack data to real-world incidents and does not investigate the integration of honeypots with external intelligence services.

Objective: This study assesses the Dionaea honeypot's ability to detect and analyse cyberattack trends, with an emphasis on attack patterns, malware dispersion, and geographical threat sources. The project will look into how Dionaea honeypots, when combined with external analysis services such as VirusTotal, might provide more thorough insights into cyberattack tactics and improve proactive cybersecurity defence mechanisms.

Methods: The Dionaea honeypot was used to identify a range of attacks on vulnerable services including Telnet (Port 23), SMB (Port 445), and MySQL (Port 3306). Over a seven-day observation period, 32,395 attack connections from 6,276 distinct IP addresses were detected, yielding 2,892 malware samples. These samples were examined using VirusTotal, and the findings were categorised by malware type, attack vector, and geographical origin. Geospatial and service-specific attack patterns were also investigated to detect emerging trends and high-risk sites.

Results: The investigation identified WannaCry ransomware as the most common malware, accounting for 1,076 incidents, demonstrating the continuous exploitation of the MS17-010 vulnerability in SMB (Port 445). The most frequently attacked ports were Port 23 (Telnet), Port 445 (SMB), and Port 3306 (MySQL), which received 7,988, 6,898, and 3,589 attack attempts, respectively. Geographically, the leading sources of assault activity were China (42%), the United States (17%), and Japan (13%). The findings demonstrate that honeypots are not only effective attack detection tools, but also significant sources of intelligence for understanding cyber threat methods and adversary behaviours.

Conclusion: This study proposes DORA (Dionaea Observation and Data Collection Analysis), an integrated system that enhances the existing Dionaea honeypot by combining its data with external analysis services like VirusTotal. This integration provides critical insights into real-time cyberattack detection, malware analysis, and attack vector identification. The findings highlight vulnerabilities in services like Telnet and SMB, particularly the exploitation of MS17-010. DORA improves threat intelligence workflows, enhancing malware detection accuracy and classifying threats more efficiently. Additionally, it helps identify high-risk attack surfaces, forming the basis for adaptive cybersecurity strategies. This research contributes to developing resilient defence systems capable of addressing emerging threats.
id doaj-art-65ddaaa3ba364236bff10d7e177b2ebe
institution Kabale University
issn 1805-4951
spelling doaj-art-65ddaaa3ba364236bff10d7e177b2ebe
Record timestamp: 2025-08-20T04:03:26Z
Volume 14, issue 3, pages 474-488
DOI: 10.18267/j.aip.277
Article ID: aip-202503-0011
ORCID: https://orcid.org/0000-0002-6017-7364
Affiliation (listed for each of the four authors): Department of Informatics and Computer Engineering, State Polytechnic of Ujung Pandang, Makassar, Indonesia
topic honeypot
cybersecurity
malware detection and analysis
cyber threat detection
network security
real-time threat intelligence
vulnerability assessment