g., if there is a probing attempt or general scanning on the ports). Data will also be collected from the log file of the monitoring tool and from the operating system's log. According to Thomae and Bakos, honeypots also have some distinct advantages for data collection purposes, including the following:

Because honeypots have no production use, most activity directed at them represents genuine attacks, leading to few, if any, false positives.

Honeypots can capture all activity directed at them, allowing the detection of previously unknown attacks.

Honeypots can capture more attack data than most other intrusion-detection solutions, including (for some kinds of honeypots) shell commands, installed attack software, and even attacker-to-attacker interaction through chat servers or other communication mechanisms (Thomae & Bakos, pp. 1-2).
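The triage implied by the first advantage, as an added example that is not part of the original essay: because a honeypot has no production use, every logged connection is treated as suspect, and sources are only sorted into general port scans versus probes. The log format, the threshold, and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in an assumed format: timestamp, source IP, destination port.
SAMPLE_LOG = """\
2024-01-05T10:00:01Z src=203.0.113.7 dport=21
2024-01-05T10:00:01Z src=203.0.113.7 dport=22
2024-01-05T10:00:02Z src=203.0.113.7 dport=23
2024-01-05T10:00:02Z src=203.0.113.7 dport=80
2024-01-05T10:04:10Z src=198.51.100.23 dport=22
2024-01-05T10:04:12Z src=198.51.100.23 dport=22
this line is malformed and must be skipped
2024-01-05T10:09:40Z src=192.0.2.50 dport=445
"""

LINE_RE = re.compile(r"^(\S+)\s+src=(\d{1,3}(?:\.\d{1,3}){3})\s+dport=(\d{1,5})$")
SCAN_PORT_THRESHOLD = 4  # assumed cut-off: this many distinct ports means a sweep


def parse(log_text):
    """Yield (timestamp, source, port) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and 0 < int(m.group(3)) <= 65535:
            yield m.group(1), m.group(2), int(m.group(3))


def triage(log_text, scan_threshold=SCAN_PORT_THRESHOLD):
    """Group honeypot hits by source and label each source's behaviour."""
    ports = defaultdict(set)
    hits = defaultdict(int)
    for _, src, port in parse(log_text):
        ports[src].add(port)
        hits[src] += 1
    report = {}
    for src in ports:
        if len(ports[src]) >= scan_threshold:
            label = "general scan"      # many distinct ports touched
        elif hits[src] > 1:
            label = "repeated probe"    # same few ports hit several times
        else:
            label = "single probe"
        report[src] = {"label": label, "hits": hits[src], "ports": sorted(ports[src])}
    return report


if __name__ == "__main__":
    for src, info in sorted(triage(SAMPLE_LOG).items()):
        print(src, info)
```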

Honeypots facilitate this type of data analysis if properly administered. For instance, after collecting data from log files, security professionals should analyze it...