Experimental Study of Honeypot-Based Cyber Attack and Data Collection in Campus Network Environment
DOI:
https://doi.org/10.35842/ijicom.v8i1.255Keywords:
Honeypot, Cyberattack Detection, Random Forest, Network SecurityAbstract
Cyberattacks continue to pose significant threats to organizational networks, requiring intelligent and adaptive detection mechanisms capable of identifying evolving attack patterns. This study proposes a honeypot-based cyberattack detection framework that integrates deception technology with the Random Forest machine learning algorithm to classify malicious activities captured from real-world network environments. During a seven-day observation period, the honeypot system captured 500 cyberattack events targeting SSH, Telnet, HTTP, and SMB services. SSH brute-force attacks dominated the dataset, accounting for 42% of all recorded incidents, followed by Telnet login attempts (24%), HTTP exploits (19%), and SMB exploits (15%). Behavioral analysis revealed recurring attack patterns, including automated brute-force attempts, sequential port scanning, and distributed attack activities originating from multiple IP addresses. Experimental results demonstrate that the Random Forest classifier achieved an accuracy of 92.40%, precision of 91.80%, recall of 90.90%, and F1-score of 91.30%. The confusion matrix further indicates that the model successfully distinguished among attack categories with minimal misclassification. In particular, the SSH class achieved a precision of 0.95, a recall of 0.94, and an F1-score of 0.94. These findings demonstrate that honeypot-generated datasets effectively support machine learning-based intrusion detection and enable accurate cyberattack classification.
Downloads
Downloads
Published
How to Cite
Issue
Section
License

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.






