DocumentCode :
2234921
Title :
Towards High Level Attack Scenario Graph through Honeynet Data Correlation Analysis
Author :
Zhuge, Jianwei ; Han, Xinhui ; Chen, Yu ; Ye, Zhiyuan ; Zou, Wei
Author_Institution :
Inst. of Comput. Sci. & Technol., Peking Univ., Beijing
fYear :
2006
fDate :
21-23 June 2006
Firstpage :
215
Lastpage :
222
Abstract :
Honeynet data analysis has become a core requirement of honeynet technology. However, current honeynet data analysis mechanisms are still unable to give security analysts enough capacity to comprehend the captured data quickly; in particular, no work has been done on behavior-level correlation analysis. Towards providing high-level attack scenario graphs, in this paper we propose a honeynet data correlation analysis model and method. Based on a network attack and defense knowledge base and a network environment perceiving mechanism, our proposed honeynet data correlation analysis method can recognize the attacker's plan from a large volume of captured data and consequently reconstruct attack scenarios. Two proof-of-concept experiments on the Scan of the Month 27 dataset and in-the-wild botnet scenarios are presented to show the effectiveness of our method.
Keywords :
data analysis; data visualisation; graph theory; security of data; data analysis; high level attack scenario graph; honeynet data correlation analysis; network attack; security threat; Data analysis; Data security; Data visualization; Information analysis; Information security; Internet; Knowledge representation; Risk analysis; Scholarships; Statistical analysis;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Information Assurance Workshop, 2006 IEEE
Conference_Location :
West Point, NY
Print_ISBN :
1-4244-0130-5
Type :
conf
DOI :
10.1109/IAW.2006.1652098
Filename :
1652098