
Automating the Analysis of Honeypot Data (Extended Abstract)

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 5230)

Abstract

We describe on-going work towards further automating the analysis of data generated by the large honeynet architectures Leurre.com and SGNET. The underlying motivation is to help integrate honeypot data into daily network security monitoring. We propose a system based on two automated steps: i) the detection of relevant attack events within a large honeynet traffic data set, and ii) the extraction of highly similar events based on temporal correlation.




Editor information

Richard Lippmann, Engin Kirda, Ari Trachtenberg


Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Thonnard, O., Viinikka, J., Leita, C., Dacier, M. (2008). Automating the Analysis of Honeypot Data (Extended Abstract). In: Lippmann, R., Kirda, E., Trachtenberg, A. (eds) Recent Advances in Intrusion Detection. RAID 2008. Lecture Notes in Computer Science, vol 5230. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-87403-4_29


  • DOI: https://doi.org/10.1007/978-3-540-87403-4_29

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-87402-7

  • Online ISBN: 978-3-540-87403-4
