Skip to main content
SpringerLink
Log in

Data Mining Algorithms in the Analysis of Security Logs from a Honeypot System

  • Conference paper
  • First Online:
Dependability Engineering and Complex Systems (DepCoS-RELCOMEX 2016)

Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 470))

Included in the following conference series:

Abstract

Today many applications move to the Internet as web applications. This phenomenon causes new opportunities for attackers to take over servers or steal sensitive data such as credit card numbers, personal or corporate data. In this paper some analyses of data from a honeypot system of web application, implemented at the Institute of Computer Science, Warsaw University of Technology, are presented. The implemented honeypot has its own management software that helps to analyze the stored data. The honeypot was operating almost one year. Several data mining techniques were used to analyze the data collected by the honeypot and to detect important patterns and attacks. In this paper the results of the usage of algorithms MaxMiner and SED in the analysis of logs are presented.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 129.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 169.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Mokube, I., Adams, M.: Honeypots: Concepts, Approaches, and Challenges. doi:10.1145/1233341.1233399

  2. Buda, M.: Implementation and Integration of WEB Application Honeypot System Together with Advanced System for Monitoring and Preliminary data Analysis. Ba diploma, Institute of Computer Science, Warsaw University of Technology, Warsaw (2013) (in polish)

    Google Scholar 

  3. Bayard, R.J.: Efficiently mining long patterns from databases. In: SIGMOD ‘98 Proceedings of the 1998 ACM SIGMOD International Conference on Management of Data, pp. 85–93 (1998). doi:10.1145/276304.276313

  4. Cabaj, K.: The new approach to the knowledge discovery in data streams. Ph.D. thesis, Institute of Computer Science, Warsaw University of Technology, Warsaw (2009) (in polish)

    Google Scholar 

  5. Biedermann, S., Mink, M., Katzenbeisser, S.: Fast dynamic extracted Honeypots in cloud computing. In: CCSW ‘12 Proceedings of the 2012 ACM Workshop on Cloud Computing Security Workshop, pp. 13–18 (2012). doi:10.1145/2381913.2381916

  6. Honeytokens: The Other Honeypot (2016) http://www.symantec.com/connect/articles/honeyto-kens-other-honeypot. Accessed January 2016

  7. Song, J., Takakura, H., Okabe, Y., Eto, M., Inoue, D., Nakao, K.: Statistical analysis of honeypot data and building of Kyoto 2006 + dataset for NIDS evaluation. In: BADGERS ‘11 Proceedings of the First Workshop on Building Analysis Datasets and Gathering Experience Returns for Security, pp. 29–36 (2006). doi:10.1145/1978672.1978676

  8. Honeynet Project, (2016). https://www.honeynet.org/node/158. Accessed January 2016

  9. Su, M.Y.: Applying Episode Mining and Pruning to Identify Malicious Online Attacks. doi:10.1016/j.compeleceng.2015.08.015

    Google Scholar 

  10. Server Message Block, (2016). https://en.wikipedia.org/wiki/Server_Message_Block. Accessed January 2016

  11. Qin, M., Hwang, K.: Frequent episode rules for Internet anomaly detection. In: Third IEEE International Symposium on Network Computing and Applications, 2004, NCA 2004. Proceedings (2004). doi:10.1109/NCA.2004.1347773

  12. Mannila, H., Toivonen, H., Verkamo, I.: Discovery of frequent episodes in event sequences. In: Data Mining and Knowledge Discovery, vol. 1, Issue 3 (1997). doi:10.1023/A:1009748302351

    Google Scholar 

  13. Agarwal, R., Aggarwal, C., Prasad, V.V.V.: A Tree Projection Algorithm for Generation of Frequent Item Sets. In: IBM T. J. Watson Research Center, Yorktown Heights, New York, 10598. doi:10.1006/jpdc.2000.1693

    Google Scholar 

  14. Witten, I.H., Frank, E.: Data Mining: Practical Machine Learning Tools and Techniques. Elsevier. ISBN-13: 978-0-12-088407-0 (2005)

    Google Scholar 

  15. Buda, M.: The Application of Data Mining Methods to Analyze Data from Honeypot Systems. M.Sc. diploma, Institute of Computer Science, Warsaw University of Technology, Warsaw (2015) (in polish)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. The Faculty of Electronics and Information Technology, Institute of Computer Science, WUT, ul. Nowowiejska 15/19, 00-665, Warszawa, Poland

    MichaƂ Buda & Ilona Bluemke

Authors
  1. MichaƂ Buda
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ilona Bluemke
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to MichaƂ Buda .

Editor information

Editors and Affiliations

  1. Department of Computer Engineering, WrocƂaw University of Technology, WrocƂaw, Poland

    Wojciech Zamojski

  2. Department of Computer Engineering, WrocƂaw University of Technology, WrocƂaw, Poland

    Jacek Mazurkiewicz

  3. Department of Computer Engineering, WrocƂaw University of Technology, Wroclaw, Poland

    JarosƂaw Sugier

  4. Department of Computer Engineering, WrocƂaw University of Technology, WrocƂaw, Poland

    Tomasz Walkowiak

  5. Polish Academy of Sciences, Systems Research Institute, Warszawa, Poland

    Janusz Kacprzyk

Rights and permissions

Reprints and permissions

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Buda, M., Bluemke, I. (2016). Data Mining Algorithms in the Analysis of Security Logs from a Honeypot System. In: Zamojski, W., Mazurkiewicz, J., Sugier, J., Walkowiak, T., Kacprzyk, J. (eds) Dependability Engineering and Complex Systems. DepCoS-RELCOMEX 2016. Advances in Intelligent Systems and Computing, vol 470. Springer, Cham. https://doi.org/10.1007/978-3-319-39639-2_6

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-39639-2_6

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-39638-5

  • Online ISBN: 978-3-319-39639-2

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation