TITLE:
Systematic Review of Graphical Visual Methods in Honeypot Attack Data Analysis
AUTHORS:
Gbenga Ikuomenisan, Yasser Morgan
KEYWORDS:
Honeypot Data Analysis, Network Intrusion Detection, Visualization and Visual Analysis, Graphical Methods and Perception, Systematic Literature Review
JOURNAL NAME:
Journal of Information Security, Vol.13 No.4, August 23, 2022
ABSTRACT: Mitigating the increasing number of cyberattack incidents may require strategies such as reinforcing organizations' networks with Honeypots and effectively analyzing attack traffic to detect zero-day attacks and vulnerabilities. Effective detection and mitigation of cyberattacks typically require both computerized and visual analysis. However, most security analysts are not adequately trained in visualization principles and methods, which are required for effective visual perception of the useful attack information hidden in attack data. Additionally, Honeypots have proven useful in cyberattack research, but no study has comprehensively investigated visualization practices in the field. In this paper, we reviewed the visualization practices and methods commonly used to discover and communicate attack patterns in Honeypot network traffic data. Using the PRISMA methodology, we identified and screened 218 papers and evaluated the 37 high-impact papers among them. Most Honeypot papers computed summary statistics of Honeypot data based on static data metrics such as IP address, port, and packet size, and visually analyzed the attack data using simple graphical methods (line, bar, and pie charts) that tend to hide useful attack information. Only a few papers conducted extended attack analysis, and these commonly visualized attack data using scatter and linear plots. Papers rarely included simple yet more informative graphical methods, such as box plots and histograms, which allow for critical evaluation of analysis results. While a significant number of automated visualization tools incorporate visualization standards by default, constructing effective and expressive graphics for easy pattern discovery and explainable insights still requires applied knowledge and skill in visualization principles and tools and, occasionally, interdisciplinary collaboration with peers. We therefore suggest the need, going forward, for non-classical graphical methods for visualizing attack patterns and communicating analysis results. We also recommend training investigators in visualization principles and standards for effective visual perception and presentation.
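The abstract's point that per-port counts (what a bar or pie chart shows) hide attack information that a box plot or histogram exposes can be checked on a tiny sample. The script below is an added example, not code from the paper or its authors: it constructs a small, fictional set of honeypot connection records (source IP, destination port, packet size; the IP addresses are from documentation ranges) and computes, per port, the bar-chart count, the five-number summary that underlies a box plot, Tukey's 1.5*IQR outlier fences, and a fixed-width histogram. Two ports with an identical connection count turn out to have very different packet-size distributions, which is exactly what a count-only chart would conceal. Only the Python standard library is used.

```python
"""Summary statistics vs. distribution views over constructed honeypot records.

Added example; the RECORDS sample is constructed for illustration, not real
honeypot data. Quartiles use Tukey hinges (medians of the lower and upper
halves), which is one of several common box-plot conventions.
"""
from collections import Counter, defaultdict

# Constructed sample: (src_ip, dst_port, packet_size_bytes).
RECORDS = [
    ("198.51.100.7", 23, 60), ("198.51.100.7", 23, 60), ("203.0.113.4", 23, 64),
    ("203.0.113.4", 23, 60), ("198.51.100.9", 23, 62), ("198.51.100.9", 23, 60),
    ("203.0.113.21", 23, 64), ("203.0.113.21", 23, 60),
    ("198.51.100.7", 445, 60), ("198.51.100.7", 445, 64), ("203.0.113.4", 445, 1460),
    ("203.0.113.4", 445, 60), ("198.51.100.9", 445, 62), ("198.51.100.9", 445, 60),
    ("203.0.113.21", 445, 60), ("203.0.113.21", 445, 60),
]


def count_by_port(records):
    """Connections per destination port: the only number a bar/pie chart shows."""
    return Counter(port for _, port, _ in records)


def sizes_by_port(records):
    """Packet sizes grouped by destination port, the input for distribution views."""
    out = defaultdict(list)
    for _, port, size in records:
        out[port].append(size)
    return dict(out)


def _median(sorted_vals):
    n = len(sorted_vals)
    mid = n // 2
    if n % 2:
        return float(sorted_vals[mid])
    return (sorted_vals[mid - 1] + sorted_vals[mid]) / 2


def five_number_summary(values):
    """(min, Q1, median, Q3, max) with Tukey hinges.

    Q1/Q3 are the medians of the lower/upper halves; the overall median is
    excluded from both halves when the sample size is odd.
    """
    s = sorted(values)
    n = len(s)
    if n == 0:
        raise ValueError("empty sample")
    if n == 1:
        return (s[0], float(s[0]), float(s[0]), float(s[0]), s[0])
    mid = n // 2
    lower = s[:mid]
    upper = s[mid + 1:] if n % 2 else s[mid:]
    return (s[0], _median(lower), _median(s), _median(upper), s[-1])


def tukey_outliers(values, k=1.5):
    """Values beyond the box-plot whisker fences Q1 - k*IQR and Q3 + k*IQR."""
    _, q1, _, q3, _ = five_number_summary(values)
    iqr = q3 - q1
    return [v for v in values if v < q1 - k * iqr or v > q3 + k * iqr]


def histogram(values, bin_width):
    """Counts per fixed-width bin, keyed by each bin's lower edge."""
    bins = Counter((v // bin_width) * bin_width for v in values)
    return dict(sorted(bins.items()))


def per_port_report(records, bin_width=100):
    """Combine the count-only view with the distribution views for each port."""
    report = {}
    sizes = sizes_by_port(records)
    for port, n in sorted(count_by_port(records).items()):
        report[port] = {
            "connections": n,
            "five_number": five_number_summary(sizes[port]),
            "outliers": tukey_outliers(sizes[port]),
            "histogram": histogram(sizes[port], bin_width),
        }
    return report


if __name__ == "__main__":
    for port, stats in per_port_report(RECORDS).items():
        print(f"port {port}: {stats}")
```

In the sample, ports 23 and 445 both show 8 connections, so a bar chart ranks them identically. The five-number summaries agree up to Q3, but port 445's maximum and its single 1.5*IQR outlier (a 1460-byte packet, consistent with a payload rather than a probe) only appear in the box-plot and histogram views.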