Acta Informatica Pragensia 2025, 14(3), 474-488 | DOI: 10.18267/j.aip.277461
DORA: Dionaea Observation and Data Collection Analysis for Real-Time Cyberattack Surveillance and Threat Intelligence
- Department of Informatics and Computer Engineering, State Polytechnic of Ujung Pandang, Makassar, Indonesia
Background: As assaults get more sophisticated, honeypots like Dionaea become an essential tool for analysing attack behaviours and detecting weaknesses. Despite their growing importance in cybersecurity, honeypots' role in real-time cyberattack surveillance and threat intelligence is largely unknown. Many studies concentrate on identifying attacks rather than delivering actionable intelligence for defensive solutions. Furthermore, previous research frequently lacks thorough methodology for comparing attack data to real-world incidents and does not investigate the integration of honeypots with external intelligence services.
Objective: This study assesses the Dionaea honeypot's ability to detect and analyse cyberattack trends, with an emphasis on attack patterns, malware dispersion, and geographical threat sources. The project will look into how Dionaea honeypots, when combined with external analysis services such as VirusTotal, might provide more thorough insights into cyberattack tactics and improve proactive cybersecurity defence mechanisms.
Methods: The Dionaea honeypot was used to identify a range of attacks on vulnerable services including Telnet (Port 23), SMB (Port 445), and MySQL (Port 3306). Over a seven-day observation period, 32,395 attack connections from 6,276 distinct IP addresses were detected, yielding 2,892 malware samples. These samples were examined using VirusTotal, and the findings were categorised by malware type, attack vector, and geographical origin. Geospatial and service-specific attack patterns were also investigated to detect emerging trends and high-risk sites.
Results: The investigation identified WannaCry ransomware as the most common malware, accounting for 1,076 incidents, demonstrating the continuous exploitation of the MS17-010 vulnerability in SMB (Port 445). The most frequently attacked ports were Port 23 (Telnet), Port 445 (SMB), and Port 3306 (MySQL), which received 7,988, 6,898, and 3,589 attack attempts, respectively. Geographically, the leading sources of assault activity were China (42%), the United States (17%), and Japan (13%). The findings demonstrate that honeypots are not only effective attack detection tools, but also significant sources of intelligence for understanding cyber threat methods and adversary behaviours.
Conclusion: This study proposes DORA (Dionaea Observation and Data Collection Analysis), an integrated system that enhances the existing Dionaea honeypot by combining its data with external analysis services like VirusTotal. This integration provides critical insights into real-time cyberattack detection, malware analysis, and attack vector identification. The findings highlight vulnerabilities in services like Telnet and SMB, particularly the exploitation of MS17-010. DORA improves threat intelligence workflows, enhancing malware detection accuracy and classifying threats more efficiently. Additionally, it helps identify high-risk attack surfaces, forming the basis for adaptive cybersecurity strategies. This research contributes to developing resilient defence systems capable of addressing emerging threats.
Keywords: Honeypot; Cybersecurity; Malware detection and analysis; Cyber threat detection; Network security; Real-time threat intelligence; Vulnerability assessment.
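The aggregation step described in the Methods (attack connections per port, distinct source IP addresses, and unique captured samples queued for an external lookup such as VirusTotal) can be sketched as follows. This is an added example, not code from the paper or the DORA system; the table and column names are modelled on Dionaea's SQLite log and are assumptions here, all rows are constructed, and no external service is contacted.

```python
import sqlite3

# Constructed sample rows (documentation IP ranges, fake MD5 values).
CONNECTIONS = [  # (connection id, local_port, remote_host)
    (1, 445, "198.51.100.7"), (2, 445, "198.51.100.7"),
    (3, 23, "203.0.113.20"), (4, 3306, "203.0.113.20"),
    (5, 445, "192.0.2.55"),
]
DOWNLOADS = [  # (connection id, MD5 of the captured sample)
    (1, "a" * 32), (2, "a" * 32), (5, "b" * 32),
]

def build_db():
    """In-memory database with an assumed, reduced Dionaea-style schema."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE connections (connection INTEGER PRIMARY KEY,"
               " local_port INTEGER, remote_host TEXT)")
    db.execute("CREATE TABLE downloads (connection INTEGER,"
               " download_md5_hash TEXT)")
    db.executemany("INSERT INTO connections VALUES (?,?,?)", CONNECTIONS)
    db.executemany("INSERT INTO downloads VALUES (?,?)", DOWNLOADS)
    return db

def summarise(db):
    """Return per-port counts, distinct source count and per-hash triage rows."""
    ports = db.execute(
        "SELECT local_port, COUNT(*), COUNT(DISTINCT remote_host)"
        " FROM connections GROUP BY local_port"
        " ORDER BY COUNT(*) DESC, local_port").fetchall()
    sources = db.execute(
        "SELECT COUNT(DISTINCT remote_host) FROM connections").fetchone()[0]
    # One row per unique hash, so each sample is looked up once however many
    # times it was delivered; ports and sources are kept for correlation.
    samples = db.execute(
        "SELECT d.download_md5_hash, COUNT(*),"
        " COUNT(DISTINCT c.remote_host), GROUP_CONCAT(DISTINCT c.local_port)"
        " FROM downloads d JOIN connections c ON c.connection = d.connection"
        " GROUP BY d.download_md5_hash"
        " ORDER BY COUNT(*) DESC, d.download_md5_hash").fetchall()
    return {"ports": ports, "sources": sources, "samples": samples}

if __name__ == "__main__":
    report = summarise(build_db())
    for port, hits, ips in report["ports"]:
        print(f"port {port}: {hits} connections from {ips} sources")
    for md5, hits, ips, via in report["samples"]:
        print(f"{md5}: delivered {hits}x by {ips} sources via port(s) {via}")
```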
Received: March 6, 2025; Revised: June 3, 2025; Accepted: June 19, 2025; Prepublished online: August 8, 2025; Published: August 19, 2025
This is an open access article distributed under the terms of the Creative Commons Attribution 4.0 International License (CC BY 4.0), which permits use, distribution, and reproduction in any medium, provided the original publication is properly cited. No use, distribution or reproduction is permitted which does not comply with these terms.