Data mining: practical machine learning tools and techniques with Java implementations
ACM Transactions on Information and System Security (TISSEC)
An empirical analysis of NATE: Network Analysis of Anomalous Traffic Events
Proceedings of the 2002 workshop on New security paradigms
An Analysis of the Slapper Worm
IEEE Security and Privacy
Implementing CIFS: The Common Internet File System
Honeycomb: creating intrusion detection signatures using honeypots
ACM SIGCOMM Computer Communication Review
J-Honeypot: A Java-Based Network Deception Tool with Monitoring and Intrusion Detection
ITCC '04 Proceedings of the International Conference on Information Technology: Coding and Computing (ITCC'04) Volume 2 - Volume 2
An Experimental Evaluation to Determine if Port Scans are Precursors to an Attack
DSN '05 Proceedings of the 2005 International Conference on Dependable Systems and Networks
A Clustering Approach to Wireless Network Intrusion Detection
ICTAI '05 Proceedings of the 17th IEEE International Conference on Tools with Artificial Intelligence
HICSS '06 Proceedings of the 39th Annual Hawaii International Conference on System Sciences - Volume 06
HonIDS: Enhancing Honeypot System with Intrusion Detection Models
IWIA '06 Proceedings of the Fourth IEEE International Workshop on Information Assurance
A new unsupervised anomaly detection framework for detecting network attacks in real-time
CANS'05 Proceedings of the 4th international conference on Cryptology and Network Security
Wireless telemedicine and m-health: technologies, applications and research issues
International Journal of Sensor Networks
DarkNOC: dashboard for honeypot management
LISA'11 Proceedings of the 25th international conference on Large Installation System Administration
A survey of security visualization for computer network logs
Security and Communication Networks
The goal of this paper is to evaluate the efficiency of connection characteristics to separate different attack families that target a single TCP port. Identifying the most relevant characteristics might allow statistically separating attack families without systematically using forensics. This study is based on a dataset collected over 117 days using a test-bed of two high-interaction honeypots. The results indicated that, to separate unsuccessful from successful attacks in malicious traffic, the number of bytes is a relevant characteristic, time-based characteristics are poor characteristics, and using combinations of characteristics does not improve the efficiency of separating attacks.