Novel intrusion prediction mechanism based on honeypot log similarity

被引：20

作者：

Jiang, Ci-Bin ^{[1
]}

Liu, I-Hsien ^{[1
]}

Chung, Yao-Nien ^{[1
]}

Li, Jung-Shian ^{[1
]}

机构：

[1] Natl Cheng Kung Univ, Inst Comp & Commun Engn, Dept Elect Engn, Tainan 701, Taiwan

来源：

INTERNATIONAL JOURNAL OF NETWORK MANAGEMENT | 2016年 / 26卷 / 03期

关键词：

FRAMEWORK; DISCOVERY; PATTERNS; SYSTEM;

D O I：

10.1002/nem.1923

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

The current network-based intrusion detection systems have a very high rate of false alarms, and this phenomena results in significant efforts to gauge the threat level of the anomalous traffic. In this paper, we propose an intrusion detection mechanism based on honeypot log similarity analysis and data mining techniques to predict and block suspicious flows before attacks occur. With honeypot logs and association rule mining, our approach can reduce the false alarm problem of intrusion detection because only suspicious traffic would be present in the honeypots. The proposed mechanism can reduce human effort, and the entire system can operate automatically. The results of our experiments indicate that the honeypot prediction system is practical for protecting assets from attacks or misuse. Copyright (C) 2016 John Wiley & Sons, Ltd.

引用

页码：156 / 175

页数：20

共 47 条

[1]

Agrawal R., 1993, SIGMOD Record, V22, P207, DOI 10.1145/170036.170072

[2]

Alomari E, 2012, International Journal of Computer Applications, DOI [DOI 10.5120/7640-0724, 10.5120/7640-0724]

[3]

Alosefer Y., 2011, 2011 7th International Conference on Next Generation Web Services Practices, P31, DOI 10.1109/NWeSP.2011.6088149

[4]

[Anonymous], HONEYPOTS TRACKING H

[5]

[Anonymous], 1996, Proceedings of 1996 IEEE Symposium on Security and Privacy, DOI DOI 10.1109/SECPRI.1996.502675

[6] A hybrid honeypot framework for improving intrusion detection systems in protecting organizational networks [J].

Artail, Hassan ;

Safa, Haidar ;

Sraj, Malek ;

Kuwatly, Iyad ;

Al-Masri, Zaid .

COMPUTERS & SECURITY, 2006, 25 (04) :274-288

[7]

Boicea Alexandru, 2012, 2012 Third International Conference on Emerging Intelligent Data and Web Technologies, P330, DOI [10.1109/EIDWT.2012.32, DOI 10.1109/EIDWT.2012.32]

[8]

BORGELT C, 2002, P 15 C COMP STAT, P1

[9]

Borgelt Christian., 2005, Proceedings of the 1st International Workshop on Open Source Data Mining: Frequent Pattern Mining Implementations, P66

[10] Anomaly Extraction in Backbone Networks Using Association Rules [J].

Brauckhoff, Daniela ;

Dimitropoulos, Xenofontas ;

Wagner, Arno ;

Salamatian, Kave .

IEEE-ACM TRANSACTIONS ON NETWORKING, 2012, 20 (06) :1788-1799

← 1 2 3 4 5 →