Unsupervised attack pattern detection in honeypot data using Bayesian topic modelling. (arXiv:2301.02505v1 [cs.CR])

Cyber-systems are under near-constant threat from intrusion attempts. Attacks
types vary, but each attempt typically has a specific underlying intent, and
the perpetrators are typically groups of individuals with similar objectives.
Clustering attacks appearing to share a common intent is very valuable to
threat-hunting experts. This article explores topic models for clustering
terminal session commands collected from honeypots, which are special network
hosts designed to entice malicious attackers. The main practical implications
of clustering the sessions are two-fold: finding similar …

article attack attacks clustering cyber data detection experts honeypot honeypots hunting intent intrusion malicious near network objectives session share special systems terminal threat types under