Visualization as Support for Web HoneyPot Data Analysis

• Autorzy: Krzysztof Cabaj
• Języki publikacji: EN

Abstrakty

EN

The paper presents methodologies associated with visualization, which supports data analysis. Analyzed data has been gathered by HoneyPot systems deployed in the network of Institute of Computer Science. Due to the vast amounts of data, the manual analysis was almost impossible and very impractical, also considering time constraints. Introduced visualization techniques and supporting filtering features are implemented in HPMS (HoneyPot Management System). The paper describes in details two introduced methodologies which support data analysis using both charts and graphs. The first one is used for the discovery of basic activities observed by HoneyPot. The second one is used for advanced analysis of machines used during attacks concerning PhpMyAdmin software. (original abstract)

Słowa kluczowe

PL

Wizualizacja danych; Analiza danych; Data Mining; Monitoring

EN

Data visualisation; Data analysis; Data Mining; Monitoring

• Czasopismo: Information Systems in Management
• Rocznik: 2015
• Tom: 4
• Numer: nr 1
• Strony: 14-25

Twórcy

autor

Krzysztof Cabaj

• Warsaw University of Technology, Poland

Bibliografia

• [1] Cabaj K., Denis M., Buda M. (2013) Management and Analytical Software for Data Gathered from HoneyPot System, Information Systems in Management, WULS Press Warsaw, vol. 2, nr 3, 182-193.
• [2] Cheswick B. (1992) An Evening with Berferd in which a cracker is Lured, Endured, and Studied, In Proc. Winter USENIX Conference.
• [3] Provos N., Holz T. (2008) Virtual Honeypots: From Botnet Tracking to Intrusion Detection, Addison-Wesley.
• [4] Baecher P., Koetter M., Dornseif M., Freiling F. (2006), The nepenthes platform: An efficient approach to collect malware, In Proceedings of the 9th International Symposium on Recent Advances in Intrusion Detection (RAID06).
• [5] Dionaea catches bugs, http://dionaea.carnivore.it/ [2014.11.29].
• [6] Cabaj K., Gawkowski P. (2014) HoneyPot systems in practice, The Nineteenth International Multi-Conference On Advanced Computer Systems (ACS14), Międzyzdroje, Poland, October 22-24.
• [7] Shell Shock attack, http://en.wikipedia.org/wiki/Shellshock_%28software_bug%29 [2014.11.29].
• [8] PhpMyAdmin, www.phpmyadmin.net/ [2014.11.29].
• [9] Bringer M. L., Chelmecki C. A., Fujinoki H., (2012) A Survey: Recent Advances and Future Trends in Honeypot Research, I. J. Computer Network and Information Security 10, 63-75.
• [10] N. Provos, T. Holz, Praise for virtual HoneyPots, Pearson Education, ISBN 978-0-321-33632-3, (2007).
• [11] Fu X., Yu W., Cheng D., Tan X., Streff K., and Graham S., (2006) On Recognizing Virtual Honeypots and Countermeasures, In Proceedings of the IEEE International Symposium on Dependable, Autonomic and Secure Computing, pp. 211-218.