Abstract
Today many applications are moving to the Internet as web applications. This shift creates new opportunities for attackers to take over servers or steal sensitive data such as credit card numbers and personal or corporate data. This paper presents analyses of data from a web application honeypot system implemented at the Institute of Computer Science, Warsaw University of Technology. The honeypot has its own management software that helps to analyze the stored data. The honeypot operated for almost one year. Several data mining techniques were used to analyze the data it collected and to detect important patterns and attacks. The paper presents the results of applying the MaxMiner and SED algorithms to the analysis of logs.
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Buda, M., Bluemke, I. (2016). Data Mining Algorithms in the Analysis of Security Logs from a Honeypot System. In: Zamojski, W., Mazurkiewicz, J., Sugier, J., Walkowiak, T., Kacprzyk, J. (eds) Dependability Engineering and Complex Systems. DepCoS-RELCOMEX 2016. Advances in Intelligent Systems and Computing, vol 470. Springer, Cham. https://doi.org/10.1007/978-3-319-39639-2_6
DOI: https://doi.org/10.1007/978-3-319-39639-2_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-39638-5
Online ISBN: 978-3-319-39639-2
eBook Packages: Engineering, Engineering (R0)