Open AccessThe investigation on cowrie honeypot logs in establishing rule signature snort
Author(s) -
Erwinsyah Satria,
T. Putra Safrul Huda,
Muhammad Iqbal,
Ferial Willy Sarjana
Publication year - 2021
Publication title -
iop conference series. earth and environmental science
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.179
H-Index - 26
eISSN - 1755-1307
pISSN - 1755-1315
DOI - 10.1088/1755-1315/644/1/012031
Subject(s) - honeypot , signature (topology) , computer science , computer security , mathematics , geometry
The attack of brute force is still one of the popular attacks used to hack into your account unauthorized by a computer system. Brute force is also the most crucial attack and has a high risk of the system being taken over. Investigating brute force attacks is useful for building strong computer network defense systems. In this study, Snort acts as an intrusion prevention system and Cowrie Honeypot as a tool to investigate anomalous behavior that occurs when a brute force attack happened. The aim of this research is to improve Snort's rule signature performance from brute force attacks by relying on the results of the Cowrie Honeypot log investigation. The results obtained, namely Snort rule signature successfully improved detection capabilities with performance in matching the same packet only requires a short processing time, respectively: 3.5 microsecs in Hydra attacks, 3.8 microsecs in Medusa attacks and 2.3 microsecs in Ncrack attacks.