DocumentCode :
3244021
Title :
Characterization of Attackers' Activities in Honeypot Traffic Using Principal Component Analysis
Author :
Almotairi, S. ; Clark, A. ; Mohay, G. ; Zimmermann, J.
Author_Institution :
Inf. Security Inst., Queensland Univ. of Technol., Brisbane, QLD
fYear :
2008
fDate :
18-21 Oct. 2008
Firstpage :
147
Lastpage :
154
Abstract :
Monitoring Internet traffic is critical in order to acquire a good understanding of threats and in designing efficient security systems. While honeypots are flexible security tools for gathering intelligence of Internet attacks, traffic collected by honeypots is of high dimensionality that makes it difficult to characterize. In this paper, we propose the use of principal component analysis, a multivariate analysis technique, for characterizing honeypot traffic and separating latent groups of activities. In addition, we show the usefulness of principal component plots in visualizing the interrelationships between the detected groups of activities and in finding outliers. This work is demonstrated through the use of low interaction honeypot traffic data from the Leurre.com project, a world wide deployment of low interaction honeypots.
Keywords :
Internet; principal component analysis; telecommunication security; telecommunication traffic; Internet attacks; Internet traffic; honeypot traffic; multivariate analysis technique; principal component analysis; Australia; Clustering algorithms; Data mining; IP networks; Information security; Monitoring; Parallel processing; Personal communication networks; Principal component analysis; Telecommunication traffic; Internet traffic characterization; honeypots; principal component analysis; traffic analysis;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Network and Parallel Computing, 2008. NPC 2008. IFIP International Conference on
Conference_Location :
Shanghai
Print_ISBN :
978-0-7695-3354-4
Type :
conf
DOI :
10.1109/NPC.2008.82
Filename :
4663317