![]() ![]() ![]() Src_ip_identifier Obfuscated (pseudonymized) IP address of the attackerĮventid Event id of the session in the cowrie honeypot Field Descriptionĭst_ip_identifier Pseudonymized dst public IPv4 of the honeypot nodeĭst_host_identifier Obfuscated (pseudonymized) name of the honeypot node Geolocation data was added to Cowrie output messages based on the source IP address. Results from high-interaction mode are tagged with "sensor:ubuntu_basic_pool". The honeypot has been operating in its default (low-interaction) mode using version 1.6.0 from the start of the experiment until Novemafter that date, we upgraded to Cowrie version 2.0.2, which allowed us to back it by a pool of real Linux instances to provide more convincing high-interaction mode. Each event in such a session includes all the data reported by the honeypot software ( ). ![]() This number has varied throughout the duration of the experiment due to scaling efforts and the target node availability. All public IP addresses in the dataset are pseudonymized to protect the identity of the destination nodes.Įach file in the dataset is a daily compilation of all connections starting at midnight on that date (date in filename, midnight in UTC time), grouped into "attack sessions". The experiment was based on the Cowrie honeypot (, versions 1.6.0 and 2.0.2, see below for the timeline) deployed on approximately 50 nodes at different EU and US universities and companies. This dataset contains all data collected by the CyberLab honeynet experiment, from May 2019 to February 2020. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |