Cybersecurity deception technologies: integrating cowrie and ELK Stack to detect network attacks

Authors

DOI:

https://doi.org/10.46299/j.isjea.20250406.01

Keywords:

cowrie, deception technologies, honeypot, ELK Stack, cyber threats

Abstract

The article examines deception technologies in the field of cybersecurity to enhance the effectiveness of detecting attacks on network traffic. The primary objective of this work is to conduct a practical study on integrating the cowrie system, which emulates SSH and Telnet servers, with the ELK Stack platform (Elasticsearch, Logstash, Kibana) for collecting, processing, and visualizing data related to suspicious activity. The research aims to develop a method for configuring a honeypot system and integrating it into a centralized analytical system, enabling a timely response to potential threats.

The research methods include the analysis of modern deception technologies and their comparison, the configuration and optimization of cowrie for collecting logs about network attacks, as well as the integration of the obtained data into the ELK Stack. To assess the effectiveness of the system, an experimental approach was employed, focusing on the types of attacks, sources of intrusions, and the behavior of attackers within the network. Data visualization in Kibana allowed for a detailed analysis of activity and the generation of operational reports on security incidents.

The study's results showed that the integrated system of cowrie and ELK Stack effectively captures and classifies unauthorized access attempts, password attacks, and other typical network threats. It was found that combining trap emulation with centralized data analysis enables an increase in the speed of attack detection and enhances the understanding of attacker behavior. Configuring logging and data correlation provides a flexible approach to monitoring and security analytics.

The scientific novelty of the study lies in the development of an integrated approach to applying deception technologies in cybersecurity, utilizing the honeypot cowrie and the ELK Stack data analysis platform for the detection, monitoring, and analysis of attacks on network traffic. A method for the automated collection and correlation of data on unauthorized actions is proposed, which enables an increase in the accuracy of detection and the speed of response to threats. The study demonstrates the effectiveness of integrating emulated traps with a visualization and analytics system, providing a deeper understanding of attacker behavior and the ability to predict potential scenarios of intrusions into the network infrastructure.

The findings highlight that deception technologies are an effective tool for counteracting cyber threats, and their integration with analytics platforms, such as ELK Stack, significantly enhances organizations' ability to respond to incidents. Recommendations include implementing such systems in corporate and cloud environments, regularly updating honeypot configurations, and improving data visualization and analysis methods. Future directions involve automating incident response based on collected data, integrating with SIEM systems, and using machine learning to predict and prevent new types of attacks.

Published

2025-12-01

How to Cite

Andrushchak, I., Kosheliuk, V., & Veremiy, I. (2025). Cybersecurity deception technologies: integrating cowrie and ELK Stack to detect network attacks. International Science Journal of Engineering & Agriculture, 4(6), 1–14. https://doi.org/10.46299/j.isjea.20250406.01
