Statistical analysis of honeypot data and building of Kyoto 2006+ dataset for NIDS evaluation
Proceedings of the First Workshop on Building Analysis Datasets and Gathering Experience Returns for Security
Sandnet: network traffic analysis of malicious software
Proceedings of the First Workshop on Building Analysis Datasets and Gathering Experience Returns for Security
Hi-index | 0.00 |
We report preliminary results on analyzing a large dataset of over 35 billion alerts recorded over a 5 year period by Hewlett-Packard (HP) TippingPoint Intrusion Prevention System (IPS) devices located in over 1,000 customer networks worldwide. This dataset provides a rich view into the nature of attacks, both external and internal, across diverse networks. This paper presents our initial findings. For example, (i) while most customers are among the early victims of only a handful of attacks, a few customers are early victims of a large number of attacks, (ii) vendor vulnerability disclosures sometimes lead to a surge in exploit attempts, and (iii) even after a decade, some worms such as Slammer show very significant spikes in their activity and infection rates.