
Data Mining in Long-Term Honeypot Data

Bibliographic Details
Main Authors: Fraunholz, Daniel; Zimmermann, Marc; Hafner, Alexander; Schotten, Hans D.
Format: Conference Proceeding
Language: English
Description
Summary: Criminal activity in the Internet is becoming more sophisticated. Traditional information security techniques hardly cope with recent trends. Honeypots proved to be a valuable source of threat intelligence. In this work several Honeypots are combined into a Honeynet and observed exploitation attempts. The Honeynet consists of six Honeypots and was operated for 222 days. 12 million exploitation attempts were captured. The captured data is examined and evaluated. Several hypotheses are proposed and analyzed. Dependencies and distribution within the data are identified and quantified. Investigated features are: Temporal and spatial distribution, attacked protocols, involved autonomous systems and the employed dictionaries.
ISSN: 2375-9259
DOI: 10.1109/ICDMW.2017.92