Algorithms for clustering data
Algorithms for clustering data
An Analysis of Some Graph Theoretical Cluster Techniques
Journal of the ACM (JACM)
A symbolic representation of time series, with implications for streaming algorithms
DMKD '03 Proceedings of the 8th ACM SIGMOD workshop on Research issues in data mining and knowledge discovery
BLINC: multilevel traffic classification in the dark
Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
Toward a Query Language for Network Attack Data
ICDEW '06 Proceedings of the 22nd International Conference on Data Engineering Workshops
Advanced Indexing Techniques for Wide-Area Network Monitoring
ICDEW '05 Proceedings of the 21st International Conference on Data Engineering Workshops
Semi-automated discovery of application session structure
Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Using uncleanliness to predict future botnet addresses
Proceedings of the 7th ACM SIGCOMM conference on Internet measurement
An Improved Ant Colony Optimization for the Maximum Clique Problem
ICNC '07 Proceedings of the Third International Conference on Natural Computation - Volume 04
A new graph-theoretic approach to clustering and segmentation
CVPR'03 Proceedings of the 2003 IEEE computer society conference on Computer vision and pattern recognition
The nepenthes platform: an efficient approach to collect malware
RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection
Proceedings of the 4th ACM workshop on Security and artificial intelligence
Network forensic frameworks: Survey and research challenges
Digital Investigation: The International Journal of Digital Forensics & Incident Response
Hi-index | 0.00 |
Collecting data related to Internet threats has now become a relatively common task for security researchers and network operators. However, the huge amount of raw data can rapidly overwhelm people in charge of analyzing such data sets. Systematic analysis procedures are thus needed to extract useful information from large traffic data sets in order to assist the analyst's investigations. This work describes an analysis framework specifically developed to gain insights into honeynet data. Our forensics procedure aims at finding, within an attack data set, groups of network traces sharing various kinds of similar patterns. In our exploratory data analysis, we seek to design a flexible clustering tool that can be applied in a systematic way on different feature vectors characterizing the attacks. In this paper, we illustrate the application of our method by analyzing one specific aspect of the honeynet data, i.e. the time series of the attacks. We show that clustering attack patterns with an appropriate similarity measure provides very good candidates for further in-depth investigation, which can help us to discover the plausible root causes of the underlying phenomena. The results of our clustering on time series analysis enable us to identify the activities of several worms and botnets in the collected traffic.