Design and Implementation of Honeypot Indicator of Compromise (IoC) Profiling using Malware Information Sharing Platform (MISP)

The Cyberthreat Defense Report by cyber-edge in 2019 mentions that the amount of attack data that needs to be analyzed becomes a problem that ranks first related to the obstacles experienced by organizations to improve the effectiveness of cyber-defense. This problem also occurs in the implementation of Honeypot as a security sensor. The amount of data generated and not identified causes honeypot implementation to be less effective. Malware Information Sharing Platform (MISP) is a forum for malware researchers to share information related to incidents on cyber security. This study proposes an Indicator of Compromise (IoC) assessment method derived from Honeypot based on data correlation between Honeypot and MISP. MISP is used as an external feeder used to supply analytical data from organizations registered with the MISP. Profiling gives the IoC a numerical value (0-100) that can represent the level of risk. The profiling system built using python programming language and elastic stack framework in this study succeeded in creating a system that can collect, store, visualize, and assess IoC. This benefit can be used as a trigger for early warning systems for security threats to an organization to take rapid action against further security incidents. © 2023 American Institute of Physics Inc.. All rights reserved.