Abstract
Neural projection techniques can adaptively map high-dimensional data into a low-dimensional space, for the user-friendly visualization of data collected by different security tools. Such techniques are applied in this study for the visual inspection of honeypot data, which may be seen as a complementary network security tool that sheds light on internal data structures through visual inspection. Empirical verification of the proposed projection methods was performed in an experimental domain where data were captured from a honeypot network. Experiments showed that visual inspection of these data, contributes to easily gain a deep understanding of attack patterns and strategies.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Myerson, J.M.: Identifying Enterprise Network Vulnerabilities. International Journal of Network Management 12(3), 135–144 (2002)
Becker, R.A., Eick, S.G., Wilks, A.R.: Visualizing Network Data. IEEE Transactions on Visualization and Computer Graphics 1(1), 16–28 (1995)
D’Amico, A.D., Goodall, J.R., Tesone, D.R., Kopylec, J.K.: Visual Discovery in Computer Network Defense. IEEE Computer Graphics and Applications 27(5), 20–27 (2007)
Goodall, J.R., Lutters, W.G., Rheingans, P., Komlodi, A.: Focusing on Context in Network Traffic Analysis. IEEE Computer Graphics and Applications 26(2), 72–80 (2006)
Itoh, T., Takakura, H., Sawada, A., Koyamada, K.: Hierarchical Visualization of Network Intrusion Detection Data. IEEE Computer Graphics and Applications 26(2), 40–47 (2006)
Livnat, Y., Agutter, J., Moon, S., Erbacher, R.F., Foresti, S.: A Visualization Paradigm for Network Intrusion Detection. In: Sixth Annual IEEE SMC Information Assurance Workshop, IAW 2005 (2005)
Herrero, Á., Corchado, E., Gastaldo, P., Zunino, R.: Neural Projection Techniques for the Visual Inspection of Network Traffic. Neurocomputing 72(16-18), 3649–3658 (2009)
Herrero, Á., Corchado, E., Pellicer, M.A., Abraham, A.: MOVIH-IDS: A Mobile-Visualization Hybrid Intrusion Detection System. Neurocomputing 72(13-15), 2775–2784 (2009)
Charles, K.A.: Decoy Systems: A New Player in Network Security and Computer Incident Response. International Journal of Digital Evidence 2(3) (2004)
Provos, N.: A Virtual Honeypot Framework. In: 13th USENIX Security Symposium 132 (2004)
Baecher, P., Koetter, M., Holz, T., Dornseif, M., Freiling, F.: The Nepenthes Platform: An Efficient Approach to Collect Malware. In: Zamboni, D., Krügel, C. (eds.) RAID 2006. LNCS, vol. 4219, pp. 165–184. Springer, Heidelberg (2006)
Moore, D., Shannon, C., Brown, D.J., Voelker, G.M., Savage, S.: Inferring Internet Denial-of-service Activity. ACM Transactions on Computer Systems 24(2), 115–139 (2006)
Ahlberg, C., Shneiderman, B.: Visual Information Seeking: Tight Coupling of Dynamic Query Filters with Starfield Displays. In: Readings in Information Visualization: using Vision to Think, pp. 244–250. Morgan Kaufmann Publishers Inc., San Francisco (1999)
Goodall, J.R., Lutters, W.G., Rheingans, P., Komlodi, A.: Preserving the Big Picture: Visual Network Traffic Analysis with TNV. In: IEEE Workshop on Visualization for Computer Security (VizSEC 2005). IEEE Computer Society, Los Alamitos (2005)
Laskov, P., Dussel, P., Schafer, C., Rieck, K.: Learning Intrusion Detection: Supervised or Unsupervised? In: Roli, F., Vitulano, S. (eds.) ICIAP 2005. LNCS, vol. 3617, pp. 50–57. Springer, Heidelberg (2005)
Oja, E.: A Simplified Neuron Model as a Principal Component Analyzer. Journal of Mathematical Biology 15(3), 267–273 (1982)
Sanger, D.: Contribution Analysis: a Technique for Assigning Responsibilities to Hidden Units in Connectionist Networks. Connection Science 1(2), 115–138 (1989)
Fyfe, C.: A Neural Network for PCA and Beyond. Neural Processing Letters 6(1-2), 33–41 (1997)
Corchado, E., Fyfe, C.: Connectionist Techniques for the Identification and Suppression of Interfering Underlying Factors. International Journal of Pattern Recognition and Artificial Intelligence 17(8), 1447–1466 (2003)
Fyfe, C., Corchado, E.: Maximum Likelihood Hebbian Rules. In: 10th European Symposium on Artificial Neural Networks, ESANN 2002 (2002)
Friedman, J.H., Tukey, J.W.: A Projection Pursuit Algorithm for Exploratory Data-Analysis. IEEE Transactions on Computers 23(9), 881–890 (1974)
Corchado, E., MacDonald, D., Fyfe, C.: Maximum and Minimum Likelihood Hebbian Learning for Exploratory Projection Pursuit. Data Mining and Knowledge Discovery 8(3), 203–225 (2004)
McHugh, J.: Testing intrusion detection systems: a critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by Lincoln Laboratory. ACM Trans. Information System Security 3(4), 262–294 (2000)
Zurutuza, U., Uribeetxeberria, R., Zamboni, D.: A Data Mining Approach for Analysis of Worm Activity through Automatic Signature Generation. In: 1st ACM Workshop on AISec. ACM, New York (2008)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Alonso, Á. et al. (2010). Understanding Honeypot Data by an Unsupervised Neural Visualization. In: Herrero, Á., Corchado, E., Redondo, C., Alonso, Á. (eds) Computational Intelligence in Security for Information Systems 2010. Advances in Intelligent and Soft Computing, vol 85. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16626-6_17
Download citation
DOI: https://doi.org/10.1007/978-3-642-16626-6_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-16625-9
Online ISBN: 978-3-642-16626-6
eBook Packages: EngineeringEngineering (R0)