Unsupervised classification and characterization of honeypot attacks

10th International Conference on Network and Service Management (CNSM) and Workshop Pub Date : 2014-11-01 DOI:10.1109/CNSM.2014.7014136

P. Owezarski

{"title":"Unsupervised classification and characterization of honeypot attacks","authors":"P. Owezarski","doi":"10.1109/CNSM.2014.7014136","DOIUrl":null,"url":null,"abstract":"Monitoring communication networks and their traffic is of essential importance for estimating the risk in the Internet, and therefore designing suited protection systems for computer networks. Network and traffic analysis can be done thanks to measurement devices or honeypots. However, analyzing the huge amount of gathered data, and characterizing the anomalies and attacks contained in these traces remain complex and time consuming tasks, done by network and security experts using poorly automatized tools, and are consequently slow and costly. In this paper, we present an unsupervised method for classification and characterization of security related anomalies and attacks occurring in honeypots. This as automatized as possible method does not need any attack signature database, learning phase, or labeled traffic. This corresponds to a major step towards autonomous security systems. This paper also shows how it is possible from anomalies characterization results to infer filtering rules that could serve for automatically configuring network routers, switches or firewalls.","PeriodicalId":268334,"journal":{"name":"10th International Conference on Network and Service Management (CNSM) and Workshop","volume":"26 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"16","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"10th International Conference on Network and Service Management (CNSM) and Workshop","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CNSM.2014.7014136","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 16

Abstract

Monitoring communication networks and their traffic is of essential importance for estimating the risk in the Internet, and therefore designing suited protection systems for computer networks. Network and traffic analysis can be done thanks to measurement devices or honeypots. However, analyzing the huge amount of gathered data, and characterizing the anomalies and attacks contained in these traces remain complex and time consuming tasks, done by network and security experts using poorly automatized tools, and are consequently slow and costly. In this paper, we present an unsupervised method for classification and characterization of security related anomalies and attacks occurring in honeypots. This as automatized as possible method does not need any attack signature database, learning phase, or labeled traffic. This corresponds to a major step towards autonomous security systems. This paper also shows how it is possible from anomalies characterization results to infer filtering rules that could serve for automatically configuring network routers, switches or firewalls.

查看原文本刊更多论文

蜜罐攻击的无监督分类与表征

监控通信网络及其流量对于评估互联网的风险，从而设计适合的计算机网络保护系统至关重要。网络和流量分析可以通过测量设备或蜜罐来完成。然而，分析大量收集的数据，并描述这些痕迹中包含的异常和攻击仍然是复杂和耗时的任务，由网络和安全专家使用较差的自动化工具完成，因此速度缓慢且成本高昂。在本文中，我们提出了一种用于蜜罐中发生的安全相关异常和攻击的分类和表征的无监督方法。这种尽可能自动化的方法不需要任何攻击特征库、学习阶段或标记流量。这相当于朝着自主安全系统迈出了重要一步。本文还展示了如何从异常表征结果中推断出可用于自动配置网络路由器、交换机或防火墙的过滤规则。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

10th International Conference on Network and Service Management (CNSM) and Workshop

自引率

0.00%

发文量