利用蜜罐数据集的时间方差分析，更好地预测攻击类型概率

2017 12th International Conference for Internet Technology and Secured Transactions (ICITST) Pub Date : 2017-12-01 DOI:10.23919/ICITST.2017.8356416

Seamus Dowling, M. Schukat, H. Melvin

{"title":"利用蜜罐数据集的时间方差分析，更好地预测攻击类型概率","authors":"Seamus Dowling, M. Schukat, H. Melvin","doi":"10.23919/ICITST.2017.8356416","DOIUrl":null,"url":null,"abstract":"Honeypots are deployed to capture cyber attack data for analysis of attacker behavior. This paper analyses a honeypot dataset to establish attack types and corresponding temporal patterns. It calculates the probability of each attack type occurring at a particular time of day and tests these probabilities with a random sample from the honeypot dataset. Attacks can take many forms and can come from different geographical sources. Temporal patterns in attacks are often observed due to the diurnal nature of computer usage and thus attack types captured on a honeypot will also reflect these patterns. We propose that it is possible to determine the probability of differing attack types occurring at certain times of the day. Understanding attack behavior informs the implementation of more robust security measures. The paper also proposes automating this process to create dynamic and adaptive honeypots. An adaptive honeypot that can modify its security levels, can increase the attack vector at different times of the day. This will improve data collection for analysis that ultimately will lead to better cyber defenses.","PeriodicalId":440665,"journal":{"name":"2017 12th International Conference for Internet Technology and Secured Transactions (ICITST)","volume":"67 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"12","resultStr":"{\"title\":\"Using analysis of temporal variances within a honeypot dataset to better predict attack type probability\",\"authors\":\"Seamus Dowling, M. Schukat, H. Melvin\",\"doi\":\"10.23919/ICITST.2017.8356416\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Honeypots are deployed to capture cyber attack data for analysis of attacker behavior. This paper analyses a honeypot dataset to establish attack types and corresponding temporal patterns. It calculates the probability of each attack type occurring at a particular time of day and tests these probabilities with a random sample from the honeypot dataset. Attacks can take many forms and can come from different geographical sources. Temporal patterns in attacks are often observed due to the diurnal nature of computer usage and thus attack types captured on a honeypot will also reflect these patterns. We propose that it is possible to determine the probability of differing attack types occurring at certain times of the day. Understanding attack behavior informs the implementation of more robust security measures. The paper also proposes automating this process to create dynamic and adaptive honeypots. An adaptive honeypot that can modify its security levels, can increase the attack vector at different times of the day. This will improve data collection for analysis that ultimately will lead to better cyber defenses.\",\"PeriodicalId\":440665,\"journal\":{\"name\":\"2017 12th International Conference for Internet Technology and Secured Transactions (ICITST)\",\"volume\":\"67 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-12-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"12\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2017 12th International Conference for Internet Technology and Secured Transactions (ICITST)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.23919/ICITST.2017.8356416\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 12th International Conference for Internet Technology and Secured Transactions (ICITST)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.23919/ICITST.2017.8356416","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 12

摘要

部署蜜罐是为了捕获网络攻击数据，分析攻击者的行为。本文通过分析一个蜜罐数据集来建立攻击类型和相应的时间模式。它计算每种攻击类型在一天中的特定时间发生的概率，并使用蜜罐数据集中的随机样本测试这些概率。攻击可以有多种形式，可以来自不同的地理来源。由于计算机使用的昼夜性质，攻击中的时间模式经常被观察到，因此在蜜罐上捕获的攻击类型也将反映这些模式。我们建议有可能确定在一天的特定时间发生不同攻击类型的概率。了解攻击行为有助于实现更健壮的安全措施。本文还提出了自动化这一过程，以创建动态和自适应蜜罐。自适应蜜罐可以修改其安全级别，可以在一天中的不同时间增加攻击向量。这将改善数据收集分析，最终将导致更好的网络防御。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Using analysis of temporal variances within a honeypot dataset to better predict attack type probability

Honeypots are deployed to capture cyber attack data for analysis of attacker behavior. This paper analyses a honeypot dataset to establish attack types and corresponding temporal patterns. It calculates the probability of each attack type occurring at a particular time of day and tests these probabilities with a random sample from the honeypot dataset. Attacks can take many forms and can come from different geographical sources. Temporal patterns in attacks are often observed due to the diurnal nature of computer usage and thus attack types captured on a honeypot will also reflect these patterns. We propose that it is possible to determine the probability of differing attack types occurring at certain times of the day. Understanding attack behavior informs the implementation of more robust security measures. The paper also proposes automating this process to create dynamic and adaptive honeypots. An adaptive honeypot that can modify its security levels, can increase the attack vector at different times of the day. This will improve data collection for analysis that ultimately will lead to better cyber defenses.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2017 12th International Conference for Internet Technology and Secured Transactions (ICITST)

自引率

0.00%

发文量