Knowledge Graphs for Cybersecurity: A Framework for Honeypot Data Analysis

In the field of cybersecurity, the complexity and diversity of data present significant challenges for effective analysis. This paper explores the use of knowledge graphs as a tool to enhance the analysis of honeypot data. We detail the entire process, from data collection and pre-processing to the creation of the knowledge graph and its subsequent analysis. Our approach enables complex query analysis and provides insights into the sequence and patterns of attacker commands in a specific session, as well as a summary of activities originating from a specific IP address. However, the adaptability of the transformation process may vary depending on the characteristics of the source documents. Our paper underscores the importance of knowledge graphs in enabling more effective threat detection and response mechanisms through a more comprehensive and deeper analysis of honeypot data. Future research could explore real-time graph updating, pattern recognition with machine learning, threat prediction, and attack attribution.