Abstracts
The paper describes the analysis systems and the results of data gathered from two different HoneyPot systems implemented at the Institute of Computer Science. The first system uses data mining techniques for the automatic discovery of interesting patterns in connections directed to the HoneyPot. The second one is responsible for collecting and initially analysing attacks aimed at Web applications, which are nowadays becoming the most attractive target for cybercriminals. The paper presents results from almost a year of use of the implemented prototypes, which demonstrate their practical usefulness. The analyst's effectiveness improves because the potentially useful data is first filtered from noise and reports are generated automatically. The use of data mining techniques not only allows important patterns to be detected rapidly, but also prevents interesting patterns from being overlooked in vast amounts of otherwise irrelevant data.
Pages
182--193
Physical description
Bibliography: 8 items, figures, tables, charts.
Bibliography
- [1] Cheswick B. (1992) An Evening with Berferd in which a cracker is Lured, Endured, and Studied, In Proc. Winter USENIX Conference
- [2] Provos N., Holz T. (2008) Virtual Honeypots: From Botnet Tracking to Intrusion Detection, Addison-Wesley
- [3] Baecher P., Koetter M., Dornseif M., Freiling F. (2006) The nepenthes platform: An efficient approach to collect malware, In Proceedings of the 9th International Symposium on Recent Advances in Intrusion Detection (RAID06)
- [4] dionaea catches bugs, http://dionaea.carnivore.it/ [25.11.2013]
- [5] Carniwwwhore, http://carnivore.it/2010/11/27/carniwwwhore [25.11.2013]
- [6] Agrawal R., Imielinski T., Swami A. (1993) Mining Association Rules Between Sets of Items in Large Databases, Proceedings of ACM SIGMOD Int. Conf. Management of Data
- [7] Dong G., Li J. (1999) Efficient mining of Emerging Patterns: Discovering Trends and Differences, In Proceedings of the Fifth International Conference on Knowledge Discovery and Data Mining, San Diego, USA (SIGKDD'99), 43–52
- [8] White G.N. (2010) What's Up With All The Port Scanning Using TCP/6000 As A Source Port?, https://secure.dshield.org/diary/What%27s+Up+With+All+The+Port+Scanning+Using+TCP6000+As+A+Source+Port%3F/7924 [25.11.2013]
Document type
Bibliography
YADDA identifier
bwmeta1.element.baztech-83f0be6e-29e0-4eda-bed8-235a2f8374bf