Automating the Analysis of Honeypot Data (Extended Abstract)

Authors:
Olivier Thonnard;Jouni Viinikka;Corrado Leita;Marc Dacier
Affiliations:
Institut Eurecom,;France Telecom R&D,;Institut Eurecom,;Symantec Research Labs, France
Venue:
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
Year:
2008

Citing 3
Cited 0

SGNET: A Worldwide Deployable Framework to Support the Analysis of Malware Threat Models

EDCC-7 '08 Proceedings of the 2008 Seventh European Dependable Computing Conference
Processing intrusion detection alert aggregates with time series modeling

Information Fusion
A new graph-theoretic approach to clustering and segmentation

CVPR'03 Proceedings of the 2003 IEEE computer society conference on Computer vision and pattern recognition

Quantified Score

Hi-index	0.00

Visualization

Abstract

We describe the on-going work towards further automating the analysis of data generated by a large honeynet architecture called Leurre.com and SGNET. The underlying motivation is helping us to integrate the use of honeypot data into daily network security monitoring. We propose a system based on two automated steps: i)the detection of relevant attack events within a large honeynet traffic data set, and ii)the extraction of highly similar events based on temporal correlation.