A4 Article in conference proceedings
Refining Cyber Situation Awareness with Honeypots in Case of a Ransomware Attack (2024)

Ihanus, J., Kokkonen, T., & Hämäläinen, T. (2024). Refining Cyber Situation Awareness with Honeypots in Case of a Ransomware Attack. In Á. Rocha, H. Adeli, G. Dzemyda, F. Moreira, & A. Poniszewska-Marańda (Eds.), WorldCIST 2024 : Good Practices and New Perspectives in Information Systems and Technologies (985, pp. 92-101). Springer. Lecture Notes in Networks and Systems. https://doi.org/10.1007/978-3-031-60215-3_10

JYU authors or editors

Publication details

All authors or editors: Ihanus, Jouni; Kokkonen, Tero; Hämäläinen, Timo

Parent publication: WorldCIST 2024 : Good Practices and New Perspectives in Information Systems and Technologies

Parent publication editors: Rocha, Álvaro; Adeli, Hojjat; Dzemyda, Gintautas; Moreira, Fernando; Poniszewska-Marańda, Aneta

Place and date of conference: Lodz, Poland, 26.-28.3.2024

ISBN: 978-3-031-60214-6

eISBN: 978-3-031-60215-3

Journal or series: Lecture Notes in Networks and Systems

ISSN: 2367-3370

eISSN: 2367-3389

Publication year: 2024

Volume: 985

Pages range: 92-101

Number of pages in the book: 228

Publisher: Springer

Place of Publication: Cham

Publication country: Switzerland

Publication language: English

DOI: https://doi.org/10.1007/978-3-031-60215-3_10

Publication open access: Not open

Publication channel open access: 

Abstract

The cyber threat landscape is vast and unstable. One of the top threats in the present moment is ransomware, which is constantly spreading in prevalence. To protect organisations’ cyber operating environment, ability to perceive elements relating to this threat is crucial. At the same time, many security controls face challenges in terms of fidelity of the security events. In this paper, honeypot technology is studied to support situation awareness in case of a ransomware attack. Especially detection capabilities of the honeypots are considered from the perspective of technical characteristic of ransomware. As a conclusion, we propose a construction model for enhancing cyber situation awareness using honeypots during various stages of a ransomware attack. Additionally, the analysed results are explained with identified future research topics.

Keywords: cyber security; safety and security; extortion

Contributing organizations

Ministry reporting: Yes

Preliminary JUFO rating: 1