Management and analytical software for data gathered from HoneyPot system

• Autorzy: Cabaj K. , Denis M. , Buda M.
• Języki publikacji: EN

Abstrakty

EN

The paper describes details concerning systems used for analysis and the result of data gathered from two various HoneyPot systems, implemented at Institute of Computer Science. The first system uses data mining techniques for the automatic discovery of interesting patterns in connections directed to the HoneyPot. The second one is responsible for the collection and the initial analysis of attacks dedicated to the Web applications, which nowadays is becoming the most interesting target for cybercriminals. The paper presents results from almost a year of usage, with implemented prototypes, which prove it's practical usefulness. The person performing analysis improves effectiveness by using potentially useful data, which is initially filtered from noise, and automatically generated reports. The usage of data mining techniques allows not only detection of important patterns in rapid manner, but also prevents from overlooking interesting patterns in vast amounts of other irrelevant data.

Słowa kluczowe

EN

HoneyPot systems; data mining; monitoring

PL

systemy honeypot; data mining; monitoring

• Wydawca: Wydawnictwo Szkoły Głównej Gospodarstwa Wiejskiego w Warszawie
• Czasopismo: Information Systems in Management
• Rocznik: 2013
• Tom: Vol. 2, No. 3
• Strony: 182--193
• Opis fizyczny: Bibliogr. 8 poz., rys., tab., wykr.

Twórcy

autor

Cabaj K.

• Institute of Computer Science, Warsaw University of Technology

autor

Denis M.

• Institute of Computer Science, Warsaw University of Technology

autor

Buda M.

• Institute of Computer Science, Warsaw University of Technology

Bibliografia

• [1] Cheswick B. (1992) An Evening with Berferd in which a cracker is Lured, Endured, and Studied, In Proc. Winter USENIX Conference
• [2] Provos N., Holz T. (2008) Virtual Honeypots: From Botnet Tracking to Intrusion Detection, Addison-Wesley
• [3] Baecher P., Koetter M., Dornseif M., Freiling F. (2006), The nepenthes platform: An efficient approach to collect malware, In Proceedings of the 9 th International Symposium on Recent Advances in Intrusion Detection (RAID06)
• [4] dionaea catches bugs, http://dionaea.carnivore.it/ [25.11.2013]
• [5] Carniwwwhore , http://carnivore.it/2010/11/27/carniwwwhore [25.11.2013]
• [6] Agrawal R., Imielinski T., Swami A. (1993) Mining Association Rules Between Sets of Items in Large Databases, Proceedings of ACM SIGMOD Int. Conf. Management of Data,
• [7] Dong G., Li. J. (1999) Efficient mining of Emerging Patterns: Discovering Trends and Differences. In Proceedings of the Fifth International Conference on Knowledge Discovery and Data Mining, San Diego, USA (SIGKDD’99), 43–52
• [8] White G.N. (2010) What's Up With All The Port Scanning Using TCP/6000 As A Source Port?, https://secure.dshield.org/diary/What%27s+Up+With+All+The+Port+Scanning +Using+TCP6000+As+A+Source+Port%3F/7924 [25.11.2013]