A Pilot Study of Using Honeypots as Cyber Intelligence Sources

There will always be a security gap between our ability to secure our networks and the actual level of security needed. When securing our networks we need good intelligence to direct our efforts and focus on the right spots. We need to find those spots and they can be found, with the right tools. Survival time is a method that provides possibilities to make decisions concerning information security risks based on true knowledge and hard facts, in a repeatable and scientific manner. This presented work aim to investigate the possibility to use survival time of an unprotected system as an intelligence source and measure the current survival time for a given unprotected system. By the deployment of a decoy, an unprotected system, data is captured and collected through port monitoring. Mainly focus lie on building a time curve presenting the estimated time for an unprotected public system to get detected on the Internet and the elapsed time hence the system gets attacked.