Research Article

Discovering SSH Attack Patterns using Cowrie Honeypot and K-Means Clustering

by Samadram Govind Singh
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 187 - Number 74
Year of Publication: 2026
Authors: Samadram Govind Singh
10.5120/ijca2026926253

Samadram Govind Singh. Discovering SSH Attack Patterns using Cowrie Honeypot and K-Means Clustering. International Journal of Computer Applications. 187, 74 (Jan 2026), 32-39. DOI=10.5120/ijca2026926253

@article{ 10.5120/ijca2026926253,
author = { Samadram Govind Singh },
title = { Discovering SSH Attack Patterns using Cowrie Honeypot and K-Means Clustering },
journal = { International Journal of Computer Applications },
issue_date = { Jan 2026 },
volume = { 187 },
number = { 74 },
month = { Jan },
year = { 2026 },
issn = { 0975-8887 },
pages = { 32-39 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume187/number74/discovering-ssh-attack-patterns-using-cowrie-honeypot-and-k-means-clustering/ },
doi = { 10.5120/ijca2026926253 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2026-01-20T22:56:25.226912+05:30
%A Samadram Govind Singh
%T Discovering SSH Attack Patterns using Cowrie Honeypot and K-Means Clustering
%J International Journal of Computer Applications
%@ 0975-8887
%V 187
%N 74
%P 32-39
%D 2026
%I Foundation of Computer Science (FCS), NY, USA
Abstract

This paper focuses on the interaction of honeypots with machine learning for threat detection: finding patterns and anomalies and learning from them. In this study, the Cowrie honeypot is deployed on an Ubuntu Server, with its own environment set up using Python. The environment is fully isolated from the actual server environment, and Cowrie mimics that environment, thereby luring hackers/attackers into the trap. Cowrie generally interacts with the SSH environment, and all commands, IP addresses, and timestamps are captured in a log file, which is saved at the path defined by the administrator. The log file is then converted to a CSV file so that the collected data can be fed to Altair RapidMiner for its clustering algorithm. In RapidMiner, the CSV file is retrieved and fed to Select Attribute so that the desired attributes are selected and filtered. The Cowrie log generally contains a handful of noise, so normalization is needed. However, since normalization is done using z-transformation, it accepts only numerical values. A nominal-to-numerical converter is therefore added to the process ahead of the Normalize operator. The normalized data is then fed to the Clustering operator, where the K-Means clustering algorithm is deployed in this research. In this study, 3 clusters are studied. The clustering analysis revealed distinct patterns in SSH honeypot attack behavior, effectively transforming unprocessed log data into actionable intelligence for strengthening proactive security responses. In summary, integrating honeypot deception strategies with machine learning represents a significant advancement in the field of cybersecurity. This combined approach enhances threat detection and analysis while paving the way for robust, adaptive, and self-evolving security systems capable of countering ever-changing cyber threats.
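The pipeline the abstract describes (attribute selection, nominal-to-numerical conversion, z-transformation, K-Means with 3 clusters) can be sketched in plain Python; this is an added example, not the paper's RapidMiner process or the author's code. The per-source-IP event counts used as features, the farthest-point seeding, and the sample log lines are assumptions made for illustration; `eventid` and `src_ip` are fields of Cowrie's JSON log.

```python
import json
import math
from collections import defaultdict

EVENT_IDS = ("cowrie.login.failed", "cowrie.login.success", "cowrie.command.input")

def sample_log():
    """Constructed Cowrie-style JSON lines (not data from the paper)."""
    profiles = {"198.51.100.1": (40, 0, 0), "198.51.100.2": (35, 0, 0),
                "203.0.113.5": (2, 1, 6), "203.0.113.6": (1, 1, 8),
                "192.0.2.9": (1, 0, 0), "192.0.2.10": (2, 0, 0)}
    return [json.dumps({"eventid": eid, "src_ip": ip})
            for ip, counts in profiles.items()
            for eid, n in zip(EVENT_IDS, counts) for _ in range(n)]

def features(lines):
    """Nominal-to-numerical: dummy-code eventid, then sum per source IP."""
    rows = defaultdict(lambda: [0.0] * len(EVENT_IDS))
    for line in lines:
        ev = json.loads(line)
        if ev.get("eventid") in EVENT_IDS and "src_ip" in ev:
            rows[ev["src_ip"]][EVENT_IDS.index(ev["eventid"])] += 1
    return dict(rows)

def z_transform(vectors):  # column-wise (x - mean) / std; constant column -> zeros
    cols = list(zip(*vectors))
    means = [sum(c) / len(c) for c in cols]
    stds = [math.sqrt(sum((x - m) ** 2 for x in c) / len(c)) or 1.0
            for c, m in zip(cols, means)]
    return [[(x - m) / s for x, m, s in zip(v, means, stds)] for v in vectors]

def kmeans(points, k=3, max_iter=100):  # Lloyd's algorithm, deterministic seeding
    cents = [points[0]]
    while len(cents) < k:
        cents.append(max(points, key=lambda p: min(math.dist(p, c) for c in cents)))
    labels = None
    for _ in range(max_iter):
        new = [min(range(k), key=lambda j: math.dist(p, cents[j])) for p in points]
        if new == labels:
            break
        labels = new
        for j in range(k):
            members = [p for p, l in zip(points, labels) if l == j]
            if members:  # keep the old centroid if a cluster empties
                cents[j] = [sum(c) / len(members) for c in zip(*members)]
    return labels

def cluster_sources(lines, k=3):
    feats = features(lines)
    return dict(zip(feats, kmeans(z_transform(list(feats.values())), k)))
```

On the constructed sample, `cluster_sources(sample_log())` groups the two high-volume login-failure sources, the two sources that log in and run commands, and the two low-activity sources into separate clusters.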

Index Terms

Computer Science
Information Sciences

Keywords

Honeypots, Cowrie, Ubuntu, Machine Learning, SSH