论文信息 - Data Mining Algorithms in the Analysis of Security Logs from a Honeypot System

Data Mining Algorithms in the Analysis of Security Logs from a Honeypot System

Today many applications move to the Internet as web applications. This phenomenon causes new opportunities for attackers to take over servers or steal sensitive data such as credit card numbers, personal or corporate data. In this paper some analyses of data from a honeypot system of web application, implemented at the Institute of Computer Science, Warsaw University of Technology, are presented. The implemented honeypot has its own management software that helps to analyze the stored data. The honeypot was operating almost one year. Several data mining techniques were used to analyze the data collected by the honeypot and to detect important patterns and attacks. In this paper the results of the usage of algorithms MaxMiner and SED in the analysis of logs are presented.

Ilona Bluemke | Michal Buda

[1] Kai Hwang,et al. Frequent episode rules for Internet anomaly detection , 2004, Third IEEE International Symposium on Network Computing and Applications, 2004. (NCA 2004). Proceedings..

[2] Charu C. Aggarwal,et al. A Tree Projection Algorithm for Generation of Frequent Item Sets , 2001, J. Parallel Distributed Comput..

[3] Stefan Katzenbeisser,et al. Fast dynamic extracted honeypots in cloud computing , 2012, CCSW '12.

[4] Hiroki Takakura,et al. Statistical analysis of honeypot data and building of Kyoto 2006+ dataset for NIDS evaluation , 2011, BADGERS '11.

[5] Roberto J. Bayardo,et al. Efficiently mining long patterns from databases , 1998, SIGMOD '98.

[6] Ian H. Witten,et al. Data mining: practical machine learning tools and techniques, 3rd Edition , 1999 .

[7] Heikki Mannila,et al. Discovery of Frequent Episodes in Event Sequences , 1997, Data Mining and Knowledge Discovery.

[8] Ming-Yang Su,et al. Applying episode mining and pruning to identify malicious online attacks , 2017, Comput. Electr. Eng..

[9] Iyatiti Mokube,et al. Honeypots: concepts, approaches, and challenges , 2007, ACM-SE 45.