

2013 | 2 | 3 | 182-193

Article title

MANAGEMENT AND ANALYTICAL SOFTWARE FOR DATA GATHERED FROM HONEYPOT SYSTEM

Languages of publication

EN

Abstracts

EN
The paper describes the systems used for analysis, and the results of analysing data gathered from two different HoneyPot systems implemented at the Institute of Computer Science. The first system uses data mining techniques for the automatic discovery of interesting patterns in connections directed to the HoneyPot. The second is responsible for the collection and initial analysis of attacks targeting Web applications, which are now becoming the most interesting target for cybercriminals. The paper presents results from almost a year of usage of the implemented prototypes, which prove their practical usefulness. The person performing the analysis works more effectively by using potentially useful data that has been initially filtered from noise, together with automatically generated reports. The use of data mining techniques not only allows important patterns to be detected rapidly, but also prevents interesting patterns from being overlooked in vast amounts of other irrelevant data.

Volume

2

Issue

3

Pages

182-193

Dates

published
2013

Contributors

  • Institute of Computer Science, Warsaw University of Technology
author
  • Institute of Computer Science, Warsaw University of Technology
author
  • Institute of Computer Science, Warsaw University of Technology

Identifiers

ISSN
2084-5537

YADDA identifier

bwmeta1.element.desklight-946a1b1d-9e7e-4faa-8ac8-419e8308fe25