Abstract
We describe ongoing work towards further automating the analysis of the data generated by the large honeynet architectures Leurre.com and SGNET. The underlying motivation is to integrate honeypot data into daily network security monitoring. We propose a system based on two automated steps: i) the detection of relevant attack events within a large honeynet traffic data set, and ii) the extraction of highly similar events based on temporal correlation.
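The two-step pipeline sketched in the abstract, as an added illustration (not code from the paper or from the Leurre.com/SGNET projects): step one scans per-cluster daily attack counts for bursts and turns them into event windows, step two links the clusters whose time series are strongly correlated. The cluster names, the daily counts, the median/MAD burst rule and the Pearson-correlation threshold are all constructed assumptions chosen to make the example self-contained; the paper's own detection and similarity measures are not described on this page.

```python
from itertools import combinations
from math import sqrt
from statistics import median

# Constructed sample (not real honeynet data): number of distinct attacking
# sources per day observed for each attack cluster; cluster IDs are hypothetical.
SAMPLE_SERIES = {
    "cluster_A": [3, 2, 4, 3, 40, 45, 38, 3, 2, 4, 3, 2],
    "cluster_B": [5, 4, 6, 5, 50, 55, 48, 6, 5, 4, 5, 6],
    "cluster_C": [2, 3, 2, 3, 2, 3, 2, 30, 35, 28, 3, 2],
    "cluster_D": [1, 1, 2, 1, 2, 1, 2, 1, 1, 2, 1, 1],
}


def detect_events(series, k=5.0, min_delta=5.0):
    """Step 1 (assumed rule): flag days whose count exceeds
    median + max(k * MAD, min_delta), then merge consecutive flagged days into
    (start, end) windows. Median/MAD stays stable in the presence of the very
    bursts we look for; min_delta keeps a flat series (MAD == 0) from flagging
    ordinary +1 fluctuations as events."""
    med = median(series)
    mad = median(abs(x - med) for x in series)
    threshold = med + max(k * mad, min_delta)
    events, start = [], None
    for day, count in enumerate(series):
        if count > threshold:
            start = day if start is None else start
        elif start is not None:
            events.append((start, day - 1))
            start = None
    if start is not None:
        events.append((start, len(series) - 1))
    return events


def pearson(xs, ys):
    """Pearson correlation coefficient; 0.0 when either series is constant."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    if sxx == 0 or syy == 0:
        return 0.0
    return sxy / sqrt(sxx * syy)


def group_similar(all_series, min_r=0.9):
    """Step 2 (assumed rule): among clusters that produced at least one event,
    link every pair whose full time series correlate at r >= min_r and return
    the connected components. Components are a transitive simplification; a
    stricter clique-based grouping would be a natural replacement."""
    active = [name for name, s in all_series.items() if detect_events(s)]
    parent = {name: name for name in active}

    def find(a):
        while parent[a] != a:
            parent[a] = parent[parent[a]]  # path halving
            a = parent[a]
        return a

    for a, b in combinations(active, 2):
        if pearson(all_series[a], all_series[b]) >= min_r:
            parent[find(a)] = find(b)
    groups = {}
    for name in active:
        groups.setdefault(find(name), []).append(name)
    return sorted(sorted(g) for g in groups.values())


if __name__ == "__main__":
    for name, s in SAMPLE_SERIES.items():
        print(name, detect_events(s))
    print(group_similar(SAMPLE_SERIES))
```

On the constructed data, clusters A and B burst on the same three days and end up in one group, cluster C bursts later and stays alone, and cluster D never exceeds its threshold and is left out of the correlation step entirely; the point of running detection before correlation is exactly that quiet clusters do not dilute the similarity search.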
© 2008 Springer-Verlag Berlin Heidelberg
Cite this paper
Thonnard, O., Viinikka, J., Leita, C., Dacier, M. (2008). Automating the Analysis of Honeypot Data (Extended Abstract). In: Lippmann, R., Kirda, E., Trachtenberg, A. (eds) Recent Advances in Intrusion Detection. RAID 2008. Lecture Notes in Computer Science, vol 5230. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-87403-4_29
DOI: https://doi.org/10.1007/978-3-540-87403-4_29
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-87402-7
Online ISBN: 978-3-540-87403-4