Detecting User Behavior in Cyber Threat Intelligence: Development of Honeypsy System

This research demonstrates a design of an experiment hacker infiltrating server where it is assumed that the communication between and target established, also escalated his rights on server. Therefore, honeypot setup has been designed to reveal correlation hacker’s actions with experience, personality, expertise, psychology. To best our knowledge, such never tested rigorously implementation except for self-reporting tests applied hackers in literature. However, no study evaluates actual data these tests. provides understand personality expertise displays Our Honeypsy system composed Big-5 test, cyber capture-the-flag (CTF) event collect logs this sequence. These three steps generate psychology known hackers. The activities honeypots are obtained through CTF they have participated in. deployment honeypot, as well event, were specifically prepared research. aim predict unknown hacker's by analyzing data. By examining/analyzing hackers, now possible make predictions about same logic applies when one tries next move attacking We aimed underline details personalities thus help defense experts victimized institutions develop their strategies accordance modus operandi