VISUALIZATION AS SUPPORT FOR WEB HONEYPOT DATA ANALYSIS

• Authors: Cabaj Krzysztof
• Languages of publication: EN

Abstracts

EN

The paper presents methodologies associated with visualization, which supports data analysis. Analyzed data has been gathered by HoneyPot systems deployed in the network of Institute of Computer Science. Due to the vast amounts of data, the manual analysis was almost impossible and very impractical, also considering time constraints. Introduced visualization techniques and supporting filtering features are implemented in HPMS (HoneyPot Management System). The paper describes in details two introduced methodologies which support data analysis using both charts and graphs. The first one is used for the discovery of basic activities observed by HoneyPot. The second one is used for advanced analysis of machines used during attacks concerning PhpMyAdmin software.

Keywords

EN

HoneyPot systems; visualization; data-mining; monitoring

• Publisher: Katedra Informatyki Szkoła Główna Gospodarstwa Wiejskiego w Warszawie
• Journal: Information Systems in Management
• Year: 2015
• Volume: 4
• Issue: 1
• Pages: 14-25

Dates

published

2015

Contributors

author

Cabaj Krzysztof

• Institute of Computer Science, Warsaw University of Technology

References

• Cabaj K., Denis M., Buda M. (2013) Management and Analytical Software for Data Gathered from HoneyPot System, Information Systems in Management, WULS Press Warsaw, vol. 2, nr 3, 182-193
• Cheswick B. (1992) An Evening with Berferd in which a cracker is Lured, Endured, and Studied, In Proc. Winter USENIX Conference
• Provos N., Holz T. (2008) Virtual Honeypots: From Botnet Tracking to Intrusion Detection, Addison-Wesley
• Baecher P., Koetter M., Dornseif M., Freiling F. (2006), The nepenthes platform: An efficient approach to collect malware, In Proceedings of the 9 th International Symposium on Recent Advances in Intrusion Detection (RAID06)
• Dionaea catches bugs, http://dionaea.carnivore.it/ [2014.11.29]
• Cabaj K., Gawkowski P. (2014) HoneyPot systems in practice, The Nineteenth International Multi-Conference On Advanced Computer Systems (ACS14), Międzyzdroje, Poland, October 22-24
• Shell Shock attack, http://en.wikipedia.org/wiki/Shellshock_%28software_bug%29 [2014.11.29]
• PhpMyAdmin, www.phpmyadmin.net/ [2014.11.29]
• Bringer M. L., Chelmecki C. A., Fujinoki H., (2012) A Survey: Recent Advances and Future Trends in Honeypot Research, I. J. Computer Network and Information Security 10, 63-75
• N. Provos, T. Holz, Praise for virtual HoneyPots, Pearson Education, ISBN 978-0-321-33632-3, (2007)
• Fu X., Yu W., Cheng D., Tan X., Streff K., and Graham S., (2006) On Recognizing Virtual Honeypots and Countermeasures,‖ Proceedings of the IEEE International Symposium on Dependable, Autonomic and Secure Computing, 211-218

Identifiers

ISSN

2084-5537