CTU Hornet 65 Niner: A Network Dataset of Geographically Distributed Low-Interaction Honeypots
- 1. Czech Technical University in Prague
Description
CTU Hornet 65 Niner is a dataset of 65 days of network attack traffic captured on cloud servers used as honeypots, collected to help understand how geography may impact the inflow of network attacks. The honeypots were placed in nine different geographical locations: Amsterdam, London, Frankfurt, San Francisco, New York, Singapore, Toronto, Bangalore, and Sydney. The data was captured from April 28th to July 1st, 2024.
The nine cloud servers were created and configured from identical instructions using Ansible [1] on the DigitalOcean [2] cloud provider. The network capture was performed with the Zeek [3] network monitoring tool, which was installed on each cloud server. Each cloud server ran only one service (SSH on a non-standard port) and was fully dedicated to being used as a honeypot. No honeypot software was used in this dataset.
The dataset is composed of nine scenarios:
- Honeypot-Cloud-DigitalOcean-Geo-1: has 65 folders (YYYY-MM-DD), each containing 24 Zeek conn.log files and other Zeek files
- Honeypot-Cloud-DigitalOcean-Geo-2: has 65 folders (YYYY-MM-DD), each containing 24 Zeek conn.log files and other Zeek files
- Honeypot-Cloud-DigitalOcean-Geo-3: has 65 folders (YYYY-MM-DD), each containing 24 Zeek conn.log files and other Zeek files
- Honeypot-Cloud-DigitalOcean-Geo-4: has 65 folders (YYYY-MM-DD), each containing 24 Zeek conn.log files and other Zeek files
- Honeypot-Cloud-DigitalOcean-Geo-5: has 65 folders (YYYY-MM-DD), each containing 24 Zeek conn.log files and other Zeek files
- Honeypot-Cloud-DigitalOcean-Geo-6: has 65 folders (YYYY-MM-DD), each containing 24 Zeek conn.log files and other Zeek files
- Honeypot-Cloud-DigitalOcean-Geo-7: has 65 folders (YYYY-MM-DD), each containing 24 Zeek conn.log files and other Zeek files
- Honeypot-Cloud-DigitalOcean-Geo-8: has 65 folders (YYYY-MM-DD), each containing 24 Zeek conn.log files and other Zeek files
- Honeypot-Cloud-DigitalOcean-Geo-9: has 65 folders (YYYY-MM-DD), each containing 24 Zeek conn.log files and other Zeek files
References:
[1] Ansible IT Automation Engine, https://www.ansible.com/. Accessed on 08/28/2024.
[2] DigitalOcean, https://www.digitalocean.com/. Accessed on 08/28/2024.
[3] Zeek Documentation, https://docs.zeek.org/en/master/index.html. Accessed on 08/28/2024.
Funding:
The authors acknowledge support by the Strategic Support for the Development of Security Research in the Czech Republic 2019–2025 (IMPAKT 1) program, by the Ministry of the Interior of the Czech Republic under No. VJ02010020, AI-Dojo: Multi-agent testbed for the research and testing of AI-driven cyber security technologies.
Files
(2.1 GB)
Additional details
Dates
- Available: 2024-10-09 (Published)