Automating the analysis of honeypot data

Olivier Thonnard, Jouni Viinikka, Corrado Leita, Marc Dacier

Research output: Chapter in Book/Report/Conference proceeding; Conference contribution

2 Citations (Scopus)

Abstract

We describe the on-going work towards further automating the analysis of data generated by a large honeynet architecture called Leurre.com and SGNET. The underlying motivation is helping us to integrate the use of honeypot data into daily network security monitoring. We propose a system based on two automated steps: i) the detection of relevant attack events within a large honeynet traffic data set, and ii) the extraction of highly similar events based on temporal correlation.

Original language: English
Title of host publication: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Pages: 406-407
Number of pages: 2
Volume: 5230 LNCS
DOIs: https://doi.org/10.1007/978-3-540-87403-4_29
Publication status: Published - 2008
Externally published: Yes
Event: Recent Advances in Intrusion Detection - 11th International Symposium, RAID 2008, Proceedings - Cambridge, MA
Duration: 15 Sep 2008 - 17 Sep 2008

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 5230 LNCS
ISSN (Print): 03029743
ISSN (Electronic): 16113349

Other

Other: Recent Advances in Intrusion Detection - 11th International Symposium, RAID 2008, Proceedings
City: Cambridge, MA
Period: 15/9/08 - 17/9/08

Fingerprint

Honeypot
Network security
Monitoring
Temporal Correlation
Integrate
Attack
Traffic

Keywords

  • Honeypots
  • Internet threats analysis
  • Malicious behavior characterization

ASJC Scopus subject areas

  • Computer Science (all)
  • Theoretical Computer Science

Cite this

Thonnard, O., Viinikka, J., Leita, C., & Dacier, M. (2008). Automating the analysis of honeypot data. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 5230 LNCS, pp. 406-407). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 5230 LNCS). https://doi.org/10.1007/978-3-540-87403-4_29

@inproceedings{85d5b716b9324135b796314e69c79708,
title = "Automating the analysis of honeypot data",
abstract = "We describe the on-going work towards further automating the analysis of data generated by a large honeynet architecture called Leurre.com and SGNET. The underlying motivation is helping us to integrate the use of honeypot data into daily network security monitoring. We propose a system based on two automated steps: i) the detection of relevant attack events within a large honeynet traffic data set, and ii) the extraction of highly similar events based on temporal correlation.",
keywords = "Honeypots, Internet threats analysis, Malicious behavior characterization",
author = "Olivier Thonnard and Jouni Viinikka and Corrado Leita and Marc Dacier",
year = "2008",
doi = "10.1007/978-3-540-87403-4_29",
language = "English",
isbn = "354087402X",
volume = "5230 LNCS",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
pages = "406--407",
booktitle = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

}

TY  - GEN
T1  - Automating the analysis of honeypot data
AU  - Thonnard, Olivier
AU  - Viinikka, Jouni
AU  - Leita, Corrado
AU  - Dacier, Marc
PY  - 2008
Y1  - 2008
N2  - We describe the on-going work towards further automating the analysis of data generated by a large honeynet architecture called Leurre.com and SGNET. The underlying motivation is helping us to integrate the use of honeypot data into daily network security monitoring. We propose a system based on two automated steps: i) the detection of relevant attack events within a large honeynet traffic data set, and ii) the extraction of highly similar events based on temporal correlation.
AB  - We describe the on-going work towards further automating the analysis of data generated by a large honeynet architecture called Leurre.com and SGNET. The underlying motivation is helping us to integrate the use of honeypot data into daily network security monitoring. We propose a system based on two automated steps: i) the detection of relevant attack events within a large honeynet traffic data set, and ii) the extraction of highly similar events based on temporal correlation.
KW  - Honeypots
KW  - Internet threats analysis
KW  - Malicious behavior characterization
UR  - http://www.scopus.com/inward/record.url?scp=56549126489&partnerID=8YFLogxK
UR  - http://www.scopus.com/inward/citedby.url?scp=56549126489&partnerID=8YFLogxK
U2  - 10.1007/978-3-540-87403-4_29
DO  - 10.1007/978-3-540-87403-4_29
M3  - Conference contribution
SN  - 354087402X
SN  - 9783540874027
VL  - 5230 LNCS
T3  - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP  - 406
EP  - 407
BT  - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
ER  -