Data analyzer based on data mining for Honeypot Router
Authors: Abdallah Ghourabi, Tarek Abbes, A. Bouhoula
Published in: ACS/IEEE International Conference on Computer Systems and Applications - AICCSA 2010
Publication date: 2010-05-16
DOI: 10.1109/AICCSA.2010.5587041 (https://doi.org/10.1109/AICCSA.2010.5587041)
Citation count: 18 (platform: Semanticscholar)
A honeypot is an effective security tool that is intended to be attacked and compromised in order to gain more information about the attacker and his attack techniques. To study these attacks, the honeypot must capture and log large amounts of data, which are very difficult to process manually. As a result, the analysis of these logs has become a very difficult and time-consuming task. To resolve this problem, several researchers have proposed the use of data mining techniques to classify logged traffic and extract useful information. In this paper, we present a data analysis tool for our Honeypot Router. This tool is based on data mining clustering. The main idea is to extract useful features from data captured by the Honeypot Router. These data are then clustered using the DBSCAN clustering algorithm in order to classify the captured packets and extract those that are suspicious. Suspicious packets are then verified by a human expert. This solution is very useful for detecting novel routing attacks.