Performance and Risk Assessment of Honeypots on IoT and VPS Using COBIT 2019 and Stress Test

Lukas Hadi Purnama; Daniel Hary Prasetyo

doi:10.47709/cnahpc.v7i3.6661

Authors

Lukas Hadi Purnama Master of Informatics, Surabaya University, Indonesia
Daniel Hary Prasetyo Master of Informatics, Surabaya University, Indonesia

DOI:

https://doi.org/10.47709/cnahpc.v7i3.6661

Keywords:

Cobit 2019, Internet of Things (IoT), Cloud Computing; Private Cloud Storage; Owncloud; Virtualbox; Ubuntu Server

Abstract

The massive wave of digital transformation has increased the complexity of cyber threats, particularly targeting vital network services. Honeypots have emerged as an effective approach for detecting and analyzing attacks, yet platform selection and management strategies remain a challenge. This study analyzes the performance, management, and risks of two types of honeypots, Cowrie (medium interaction) and Heralding (low interaction), implemented in different computing environments, based on the COBIT 2019 framework (domains EDM03, APO12, and DSS05). Evaluation was conducted through experiments on SSH, Telnet, FTP, SMB, MySQL, and HTTP services, utilizing both isolated and multistage honeypot scenarios. The results show that both honeypot deployments effectively capture brute force and botnet attack patterns and enable accurate logging and validation of attack activities. The analysis of false positive rates and structured log validation processes produced more accurate and relevant attack data. This study is among the first to provide a holistic evaluation of Cowrie and Heralding honeypots with direct COBIT 2019 integration, presenting a novel perspective on governance-driven risk management in honeypot implementation. The application of the COBIT framework ensures that honeypot deployment is not only technically effective but also aligned with robust governance and risk management practices for information security. Strategic recommendations are provided regarding configuration optimization, platform selection, and COBIT-based governance integration to enhance organizational cybersecurity resilience

Downloads

Download data is not yet available.

References

Amirta, H. C. T., Jambak, M. I., Suarli, P. P., Utama, Y., Wedhasmara, A., & Sevtiyuni, P. E. (2023). Risk Management Evaluation in Hospital Management Information Systems Using Framework COBIT 2019—Case Study: Ernaldi Bahar South Sumatera Hospital. Sriwijaya Journal of Informatics and Applications. https://api.semanticscholar.org/CorpusID:261039981

Andriani, Y., & Riadi, I. (2021). Risk Assessment of Monitoring Services using COBIT 5 Framework. International Journal of Computer Applications. https://api.semanticscholar.org/CorpusID:244467383

Ayu, A. L., Lubis, M., Abdurrahman, L., Zamzami, I. F., Alqahtani, R. A., & Ramadhani, R. (2024). Assessment of IT Risk Management at the Faculty of Industrial Engineering, Telkom University, Utilizing the COBIT 2019 Framework’s APO12 Domain with LAM INFOKOM Standards Mapping. Electronic Integrated Computer Algorithm Journal. https://api.semanticscholar.org/CorpusID:269279064

Bonta?, C. S., Stan, I.-M., & Rughini?, R. (2022). Honeypot Generator using Software Defined Networks and Recursively Defined Topologies. 2022 21st RoEduNet Conference: Networking in Education and Research (RoEduNet), 1–5. https://doi.org/10.1109/RoEduNet57163.2022.9921097

Cabral, W. Z., Valli, C., Sikos, L. F., & Wakeling, S. G. (2021). Advanced Cowrie Configuration to Increase Honeypot Deceptiveness. In A. Jøsang, L. Futcher, & J. Hagen (Eds.), ICT Systems Security and Privacy Protection (Vol. 625, pp. 317–331). Springer International Publishing. https://doi.org/10.1007/978-3-030-78120-0_21

Christiadi, R. N., & Sutomo, R. (2023). Measurement of IT Security Governance Capabilities Using COBIT 2019 at Indonesian Business Sector. G-Tech: Jurnal Teknologi Terapan. https://api.semanticscholar.org/CorpusID:263719617

Dhafin, D., Wahyu, W. I., & Zhacque, V. A. (2025). Implementasi Dan Analisis Honeypot Berbasis Cowrie Untuk Mendeteksi Serangan Siber. METHODIKA: Jurnal Teknik Informatika Dan Sistem Informasi. https://api.semanticscholar.org/CorpusID:277458668

Ernawati, T., & Rachmat, F. F. F. (2021). Keamanan Jaringan dengan Cowrie Honeypot dan Snort Inline-Mode sebagai Intrusion Prevention System. Jurnal RESTI (Rekayasa Sistem Dan Teknologi Informasi). https://api.semanticscholar.org/CorpusID:233363975

Garnida, N. A., Mulyana, R. B., & Nurtrisha, W. A. (2023). Transformasi Digital InsurCo dengan Merancang Pengelolaan Risiko Teknologi Informasi Menggunakan Framework COBIT 2019 IT Risk Management Focus Area. Jurnal Ilmiah Teknologi Infomasi Terapan. https://api.semanticscholar.org/CorpusID:265263718

Hardjadinata, M. B., & Wiratama, J. (2023). Capability Assessment of IT Governance Using the 2019 COBIT Framework for the IT Business Consultant Industry. International Journal of Science, Technology & Management. https://api.semanticscholar.org/CorpusID:260359814

Ivanova, S., & Moradpoor, N. (2023). Fake PLC in the Cloud, We Thought the Attackers Believed that: How ICS Honeypot Deception Gets Impacted by Cloud Deployments? 2023 IEEE 19th International Conference on Factory Communication Systems (WFCS), 1–4. https://doi.org/10.1109/WFCS57264.2023.10144119

Kusumaningrum, Y., & Wella. (2021). Adoption of COBIT 5 Framework in Risk Management for Startup Company. Turkish Journal of Computer and Mathematics Education (TURCOMAT), 12(3), 1446–1452. https://doi.org/10.17762/turcomat.v12i3.942

Megasyah, Y., & Arifnur, A. A. (2020). Academic Information System Security Audits Using COBIT 5 Framework Domains APO12, APO13 AND DSS05. https://api.semanticscholar.org/CorpusID:219742439

Mehta, S., Pawade, D. Y., Nayyar, Y., Siddavatam, I. A., Tiwart, A., & Dalvi, A. (2021). Cowrie Honeypot Data Analysis and Predicting the Directory Traverser Pattern during the Attack. 2021 International Conference on Innovative Computing, Intelligent Communication and Smart Electrical Systems (ICSES), 1–4.

Mori?, Z., Daki?, V., & Regvart, D. (2025). Advancing Cybersecurity with Honeypots and Deception Strategies. Informatics, 12, 14.

Nugroho, A., & Ginardi, H. (2024). Information Technology Governance Analysis to Reduce Information Security Risks Using Cobit 2019: A Case Study of Manufacturing Companies. Jurnal Indonesia Sosial Teknologi. https://api.semanticscholar.org/CorpusID:272079093

Oktaviana, A., Adi, K., & Warsito, B. (2024). Adopting COBIT 2019 for the Evaluation of Information Technology Risk Management in a Startup Company. International Journal of Innovative Science and Research Technology (IJISRT). https://api.semanticscholar.org/CorpusID:270999581

Palša, J., Hurtuk, J., Chovancová, E., & Havira, M. (2022). Configuration Honeypots with an Emphasis on Logging of the Attacks and Redundancy. 2022 IEEE 20th Jubilee World Symposium on Applied Machine Intelligence and Informatics (SAMI), 000073–000076.

Patel, P., Dalvi, A., & Sidddavatam, I. (2022). Exploiting Honeypot for Cryptojacking: The other side of the story of honeypot deployment. 2022 6th International Conference On Computing, Communication, Control And Automation (ICCUBEA, 1–5.

Saputra, C. D., & Riadi, I. (2021). Analysis of Risk Assessment on Integrated Information System using COBIT 5 Framework. International Journal of Computer Applications. https://api.semanticscholar.org/CorpusID:240517944

Saputro, E. D., Purwanto, Y., & Ruriawan, M. F. (2021). Medium Interaction Honeypot Infrastructure on The Internet of Things. 2020 IEEE International Conference on Internet of Things and Intelligence System (IoTaIS), 98–102.

Sari, R. A., & Juwairiah, J. (2023). Evaluation of IT Risk Management in DISKOMINFO of Magelang Regency using COBIT Framework 2019 Objectve EDM03 & APO12. Telematika. https://api.semanticscholar.org/CorpusID:269778513

Satria, E., Huda, T. P. S., Iqbal, M., & Sarjana, F. W. (2021). The Investigation on Cowrie Honeypot Logs in Establishing Rule Signature Snort. IOP Conference Series: Earth and Environmental Science, 644(1), 012031. https://doi.org/10.1088/1755-1315/644/1/012031

Sausalito, C. (2020, November 13). Cybercrime To Cost The World $10.5 Trillion Annually By 2025. Cyber Crime Magazine. https://cybersecurityventures.com/hackerpocalypse-cybercrime-report-2016/#:~:text=Cybersecurity%20Ventures%20expects%20global%20cybercrime%20costs%20to,up%20from%20$3%20trillion%20USD%20in%202015.&text=Global%20spending%20on%20cybersecurity%20products%20and%20services,the%20five%2Dyear%20period%20from%202017%20to%202021.

Silaen, K. E., Gaol, F. L., Supangkat, S. H., & Ranti, B. (2024). Threat Modeling for Honeypot Deployment. 2024 IEEE 10th Information Technology International Seminar (ITIS), 57–61. https://doi.org/10.1109/ITIS64716.2024.10845226

Simatupang, S. C. I., & Fianty, M. I. (2023). Assessment of Capability Levels and Improvement Recommendations Using COBIT 2019 for the IT Consulting Industry. G-Tech: Jurnal Teknologi Terapan. https://api.semanticscholar.org/CorpusID:263646756