Profiling attacker behavior in honeypot deception: a comparative analysis of varying cyber-deception levels : a thesis in Computer Engineering

Eric Savage

doi:10.62791/20443

Back

Thesis

Open access

Profiling attacker behavior in honeypot deception: a comparative analysis of varying cyber-deception levels : a thesis in Computer Engineering

Eric Savage

Master of Science (MS), University of Massachusetts Dartmouth

2025

DOI:

https://doi.org/10.62791/20443

Abstract

As the number of cyber threats continues to rise and grow more sophisticated, organizations must find new ways to understand and counteract attacker behavior. This thesis compares the actions of attackers across three different setups: a machine with no deception mechanisms, a machine with a low-interaction honeypot, and a machine with a high interaction honeypot. By recording activity over several weeks and building profiles foreach attacker based on their IP address, clear differences in behavior between the systems were identified. Based on these observations, the work proposes new strategies for designing honeypots that are more effective at gathering intelligence and understanding attackers’ motives. This thesis also explores how these deception tools can be integrated into Zero Trust Networks to help organizations remain resilient against future attacks.

Files and links (1)

pdf

Savage E. COE MS Thesis 20257.05 MBDownload View

CC BY-NC-ND V4.0, Open Access

Metrics

31 File views/ downloads

48 Record Views

Details

Title: Profiling attacker behavior in honeypot deception
Creators: Eric Savage
ORCID: 0009-0006-5782-1389
Contributors: Ruolin Zhou (Advisor) - University of Massachusetts Dartmouth, Department of Electrical and Computer Engineering
Lance Fiondella (Committee Member) - University of Massachusetts Dartmouth, Department of Electrical and Computer Engineering
Hong Liu (Committee Member) - University of Massachusetts Dartmouth, Department of Electrical and Computer Engineering
Number of pages: ix, 34 pages
Illustrations: illustrations (some color)
Table of contents: List of figures -- List of tables -- Chapter 1. Introduction -- Problem statement -- Motivations -- Thesis outline -- Chapter 2. Literature review -- Foundations of cyber deception -- Telemetry collection and behavioral profiling -- Zero trust integration -- Research gaps -- Chapter 3. Methodology -- Testbed design and deployment -- Data-collection process -- Data processing and profile building -- Behavioral analysis methods -- Chapter 4. Results -- Profile building outcomes -- Chapter 5. Discussion -- Chapter 6. Conclusion -- References.
References: Includes bibliographical references (pages 48-50).
Awarding Institution: University of Massachusetts Dartmouth
Degree Awarded: Master of Science (MS)
Degree in: Computer Engineering
Academic Unit: Department of Electrical and Computer Engineering
Language: English
Resource Type: Thesis
DOI: https://doi.org/10.62791/20443
Record Identifier: 9914444129201301