Skip to main content

Research Repository

Advanced Search

Towards Identifying Human Actions, Intent, and Severity of APT Attacks Applying Deception Techniques - An Experiment

Chacon, Joel; Mckeown, Sean; Macfarlane, Richard


Joel Chacon


Attacks by Advanced Persistent Threats (APTs) have been shown to be difficult to detect using traditional signature-and anomaly-based intrusion detection approaches. Deception techniques such as decoy objects, often called honey items, may be deployed for intrusion detection and attack analysis, providing an alternative to detect APT behaviours. This work explores the use of honey items to classify intrusion interactions, differentiating automated attacks from those which need some human reasoning and interaction towards APT detection. Multiple decoy items are deployed on honeypots in a virtual honey network, some as breadcrumbs to detect indications of a structured manual attack. Monitoring functionality was created around Elastic Stack with a Kibana dashboard created to display interactions with various honey items. APT type manual intrusions are simulated by an experienced pentesting practitioner carrying out simulated attacks. Interactions with honey items are evaluated in order to determine their suitability for discriminating between automated tools and direct human intervention. The results show that it is possible to differentiate automatic attacks from manual structured attacks; from the nature of the interactions with the honey items. The use of honey items found in the honeypot, such as in later parts of a structured attack, have been shown to be successful in classification of manual attacks, as well as towards providing an indication of severity of the attacks


Chacon, J., Mckeown, S., & Macfarlane, R. (2020). Towards Identifying Human Actions, Intent, and Severity of APT Attacks Applying Deception Techniques - An Experiment. .

Conference Name IEEE International Conference on Cyber Security and Protection of Digital Services (Cyber Security 2020)
Conference Location Dublin, Ireland
Start Date Jun 15, 2020
End Date Jun 19, 2020
Acceptance Date May 5, 2020
Online Publication Date Jul 13, 2020
Publication Date 2020
Deposit Date Jun 9, 2020
Publicly Available Date Jul 13, 2020
Publisher Institute of Electrical and Electronics Engineers
ISBN 9781728164298
Keywords deception; honeypots; honeynets; honeytokens; APT; early intrusion detection; human actions; severity; intent
Public URL


Towards Identifying Human Actions, Intent, And Severity Of APT Attacks Applying Deception Techniques - An Experiment (467 Kb)

You might also like

Downloadable Citations