Skip to main content

Detecting User Behavior in Cyber Threat Intelligence: Development of Honeypsy System.

Odemis, M., Yucel, C. and Koltuksuz, A., 2022. Detecting User Behavior in Cyber Threat Intelligence: Development of Honeypsy System. Security and Communication Networks, 2022, 7620125.

Full text available as:

7620125.pdf - Published Version
Available under License Creative Commons Attribution.


DOI: 10.1155/2022/7620125


This research demonstrates a design of an experiment of a hacker infiltrating a server where it is assumed that the communication between the hacker and the target server is established, and the hacker also escalated his rights on the server. Therefore, the honeypot server setup has been designed to reveal the correlation of a hacker’s actions with that of the hacker’s experience, personality, expertise, and psychology. To the best of our knowledge, such a design of experiment has never been tested rigorously on a honeypot implementation except for self-reporting tests applied to hackers in the literature. However, no study evaluates the actual data of these hackers and these tests. This study also provides a honeypot design to understand the personality and expertise of the hacker and displays the correlation of these data with the tests. Our Honeypsy system is composed of a Big-5 personality test, a cyber expertise test, and a capture-the-flag (CTF) event to collect logs with honeypot applied in this sequence. These three steps generate data on the expertise and psychology of known cyber hackers. The logs of the known hacker activities on honeypots are obtained through the CTF event that they have participated in. The design and deployment of a honeypot, as well as the CTF event, were specifically prepared for this research. Our aim is to predict an unknown hacker's expertise and personality by analyzing these data. By examining/analyzing the data of the known hackers, it is now possible to make predictions about the expertise and personality of the unknown hackers. The same logic applies when one tries to predict the next move of the unknown hackers attacking the server. We have aimed to underline the details of the personalities and expertise of hackers and thus help the defense experts of victimized institutions to develop their cyber defense strategies in accordance with the modus operandi of the hackers.

Item Type:Article
Group:Faculty of Science & Technology
ID Code:36580
Deposited By: Symplectic RT2
Deposited On:03 Feb 2022 13:41
Last Modified:14 Mar 2022 14:32


Downloads per month over past year

More statistics for this item...
Repository Staff Only -