Automatic Analysis of Web Service Honeypot Data Using Machine Learning Techniques

Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 189)


Over the past years, honeypots have proven their efficacy for understanding the characteristics of malicious activities on the Internet. They help security managers collect valuable information about the techniques and motivations of attackers. However, when the amount of data collected in honeypots becomes very large, analysis by a human security administrator becomes a difficult, tedious and time-consuming task. To facilitate and improve this task, the integration of new methods for automatic analysis seems necessary. In this paper we propose a new approach based on different machine learning techniques to analyze the data collected in a Web Services Honeypot. The aim of this approach is to identify and characterize attacks targeting Web services using three classifiers (SVM, SVM Regression and Apriori), depending on the nature of the collected data.


Keywords: data analysis, Honeypot, machine learning, Web service attacks





Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  1. Higher School of Communication of Tunis SUP’COM, University of Carthage, Tunis, Tunisia
