EconPapers    
Economics at your fingertips  

EconPapers Home
About EconPapers

Working Papers
Journal Articles
Books and Chapters
Software Components

Authors

JEL codes
New Economics Papers

Advanced Search


EconPapers FAQ
Archive maintainers FAQ
Cookies at EconPapers

Format for printing

The RePEc blog
The RePEc plagiarism page

 

DORA: Dionaea Observation and Data Collection Analysis for Real-Time Cyberattack Surveillance and Threat Intelligence

Hartinah Hartinah, Andi Syarwani, Ardiansyah Ardiansyah and Irfan Syamsuddin

Acta Informatica Pragensia, 2025, vol. 2025, issue 3, 474-488

Abstract: Background: As assaults get more sophisticated, honeypots like Dionaea become an essential tool for analysing attack behaviours and detecting weaknesses. Despite their growing importance in cybersecurity, honeypots' role in real-time cyberattack surveillance and threat intelligence is largely unknown. Many studies concentrate on identifying attacks rather than delivering actionable intelligence for defensive solutions. Furthermore, previous research frequently lacks thorough methodology for comparing attack data to real-world incidents and does not investigate the integration of honeypots with external intelligence services.Objective: This study assesses the Dionaea honeypot's ability to detect and analyse cyberattack trends, with an emphasis on attack patterns, malware dispersion, and geographical threat sources. The project will look into how Dionaea honeypots, when combined with external analysis services such as VirusTotal, might provide more thorough insights into cyberattack tactics and improve proactive cybersecurity defence mechanisms.Methods: The Dionaea honeypot was used to identify a range of attacks on vulnerable services including Telnet (Port 23), SMB (Port 445), and MySQL (Port 3306). Over a seven-day observation period, 32,395 attack connections from 6,276 distinct IP addresses were detected, yielding 2,892 malware samples. These samples were examined using VirusTotal, and the findings were categorised by malware type, attack vector, and geographical origin. Geospatial and service-specific attack patterns were also investigated to detect emerging trends and high-risk sites.Results: The investigation identified WannaCry ransomware as the most common malware, accounting for 1,076 incidents, demonstrating the continuous exploitation of the MS17-010 vulnerability in SMB (Port 445). The most frequently attacked ports were Port 23 (Telnet), Port 445 (SMB), and Port 3306 (MySQL), which received 7,988, 6,898, and 3,589 attack attempts, respectively. Geographically, the leading sources of assault activity were China (42%), the United States (17%), and Japan (13%). The findings demonstrate that honeypots are not only effective attack detection tools, but also significant sources of intelligence for understanding cyber threat methods and adversary behaviours.Conclusion: This study proposes DORA (Dionaea Observation and Data Collection Analysis), an integrated system that enhances the existing Dionaea honeypot by combining its data with external analysis services like VirusTotal. This integration provides critical insights into real-time cyberattack detection, malware analysis, and attack vector identification. The findings highlight vulnerabilities in services like Telnet and SMB, particularly the exploitation of MS17-010. DORA improves threat intelligence workflows, enhancing malware detection accuracy and classifying threats more efficiently. Additionally, it helps identify high-risk attack surfaces, forming the basis for adaptive cybersecurity strategies. This research contributes to developing resilient defence systems capable of addressing emerging threats.

Keywords: Honeypot; Cybersecurity; Malware detection and analysis; Cyber threat detection; Network security; Real-time threat intelligence; Vulnerability assessment (search for similar items in EconPapers)
Date: 2025
References: Add references at CitEc
Citations:

Downloads: (external link)
http://aip.vse.cz/doi/10.18267/j.aip.277.html (text/html)
http://aip.vse.cz/doi/10.18267/j.aip.277.pdf (application/pdf)
free of charge

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:prg:jnlaip:v:2025:y:2025:i:3:id:277:p:474-488

Ordering information: This journal article can be ordered from
Redakce Acta Informatica Pragensia, Katedra systémové analýzy, Vysoká škola ekonomická v Praze, nám. W. Churchilla 4, 130 67 Praha 3
http://aip.vse.cz

DOI: 10.18267/j.aip.277

Access Statistics for this article

Acta Informatica Pragensia is currently edited by Editorial Office

More articles in Acta Informatica Pragensia from Prague University of Economics and Business Contact information at EDIRC.
Bibliographic data for series maintained by Stanislav Vojir ().

 
Share

RePEc
This site is part of RePEc and all the data displayed here is part of the RePEc data set.

Is your work missing from RePEc? Here is how to contribute.

Questions or problems? Check the EconPapers FAQ or send mail to .

Örebro UniversityEconPapers is hosted by the School of Business at Örebro University.

Page updated 2025-08-19
Handle: RePEc:prg:jnlaip:v:2025:y:2025:i:3:id:277:p:474-488