Automatic Analysis of Web Service Honeypot Data Using Machine Learning Techniques
Over the past years, honeypots have proven their efficacy for understanding the characteristics of malicious activities on the Internet. They help security managers collect valuable information about the techniques and motivations of attackers. However, when the amount of data collected in honeypots becomes very large, analysis by a human security administrator becomes a very difficult, tedious and time-consuming task. To facilitate and improve this task, the integration of new methods for automatic analysis seems to be necessary. We propose in this paper a new approach based on different machine learning techniques to analyze the data collected in a Web Services Honeypot. The aim of this approach is to identify and characterize attacks targeting Web services using three classifiers (SVM, SVM Regression and Apriori), depending on the nature of the collected data.
Keywords: data analysis, Honeypot, machine learning, Web service attacks