A framework for attack patterns' discovery in honeynet data

Digital Investigation

Volumn 5, Issue SUPPL., 2008, Pages

  Thonnard, Olivier ^a   Dacier, Marc ^b  

^a ROYAL MILITARY ACADEMY   (Belgium)

^b EURECOM   (France)

Author keywords

Attack patterns; Honeypot forensics; Knowledge discovery; Security data mining; Traffic analysis

Indexed keywords

DATA MINING; TIME SERIES ANALYSIS;

ANALYSIS FRAMEWORKS; ATTACK PATTERNS; EXPLORATORY DATA ANALYSIS; HONEYPOT FORENSICS; SECURITY DATA MINING; SIMILARITY MEASURE; SYSTEMATIC ANALYSIS; TRAFFIC ANALYSIS;

NETWORK SECURITY;

EID: 48749129421     PISSN: 17422876     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.diin.2008.05.012     Document Type: Article

References (30)

1. Baecher P, Koetter M, Holz T, Dornseif M, Freiling F. The nepenthes platform: an efficient approach to collect malware. In: Proceedings of the 9th international symposium on recent advances in intrusion detection (RAID); September 2006.
2. Bomze I., Budinich M., Pardalos P., and Pelillo M. The maximum clique problem. Handbook of combinatorial optimization vol. 4 (1999), Kluwer Academic Publishers, Boston, MA
3. Chen B, Yegneswaran V, Barford P, Ramakrishnan R. Toward a query language for network attack data. In: Second IEEE workshop on networks meets databases (NetDB '06); April 2006.
4. Chen Z, Gao L, Kwiat K. Modeling the spread of active worms; 2003.
5. Collins M.P., Shimeall T.J., Faber S., Janies J., Weaver R., De Shon M., et al. Using uncleanliness to predict future botnet addresses. IMC '07: Proceedings of the seventh ACM SIGCOMM conference on Internet measurement (2007), ACM, New York, NY, USA 93-104
6. Dagon D, Zou C, Lee W. Modeling botnet propagation using time zones. In: Proceedings of the 13th annual network and distributed system security symposium (NDSS'06); February 2006.
7. De Smet F., Mathys J., Marchal K., Thijs G., De Moor B., and Moreau Y. Adaptive quality-based clustering of gene expression profiles. Journal of Bioinformatics 18 (2002) 735-746
8. DShield. Available from: .
9. Internet motion sensor. Available from: .
10. Gary Augustson J., and Minker J. An analysis of some graph theoretical cluster techniques. Journal of the ACM 17 4 (1970) 571-588
11. Jain AK, Dubes RC. Algorithms for clustering data. Prentice-Hall advanced reference series; 1988.
12. Kannan J., Jung J., Paxson V., and Koksal C. Semi-automated discovery of application session structure. IMC '06: Proceedings of the sixth ACM SIGCOMM conference on Internet measurement (2006), ACM 119-132
13. Karagiannis T., Papagiannaki K., and Faloutsos M. Blinc: multilevel traffic classification in the dark. SIGCOMM Computer Communication Review 35 4 (2005) 229-240
14. Li X, Bian F, Zhang H, Diot C, Govindan R, Hong W, et al. Advanced indexing techniques for wide-area network monitoring. In: First IEEE international workshop on networking meets databases (NetDB); 2005.
15. Lin J, Keogh E, Lonardi S, Chiu B. A symbolic representation of time series, with implications for streaming algorithms. In: Proceedings of the eighth ACM SIGMOD workshop on research issues in data mining and knowledge discovery, California, USA; 2003.
16. McHugh J. Sets, bags, and rock and roll: analyzing large data sets of network data. In: ESORICS; 2004. p. 407-22.
17. Moore D, Shannon C, Voelker GM, Savage S. Network telescopes: technical report. CAIDA; April 2004.
18. Pardalos P.M., and Xue J. The maximum clique problem. Journal of Global Optimization 4 (1994) 301-328
19. Pavan M, Pelillo M. A new graph-theoretic approach to clustering and segmentation. In: Proceedings of the IEEE conference on computer vision and pattern recognition; 2003.
20. Provos N. A virtual honeypot framework. In: Proceedings of the 13th USENIX security symposium; 2004.
21. Pouget F, Dacier M. Honeypot-based forensics. In: AusCERT2004, Brisbane, Australia; 23rd-27th May 2004.
22. Pouget F., Dacier M., Zimmerman J., Clark A., and Mohay G. Internet attack knowledge discovery via clusters and cliques of attack traces. Journal of Information Assurance and Security 1 1 (March 2006)
23. Pouget F, Urvoy Keller G, Dacier M. Time signatures to detect multi-headed stealthy attack tools. In: 18th annual FIRST conference, June 25-30, 2006, Baltimore, USA; June 2006b.
24. Riordan J, Zamboni D, Duponchel Y. Building and deploying billy goat, a worm-detection system. In: Proceedings of the 18th annual FIRST conference; 2006.
25. Sophos threat analysis. W32/allaple-b. Available from: .
26. Team Cymru. Darknet project. Available from: .
27. The Leurre.com project. Available from: .
28. Werner T. Honeytrap. Available from: .
29. Xinshun X, Jun M, Jingsheng L. An improved ant colony optimization for the maximum clique problem. In: Third international conference on natural computation (ICNC 2007), vol. IV; 2007. p. 766-70.
30. Yegneswaran V, Barford P, Paxson V. Using honeynets for internet situational awareness. In: Fourth ACM SIGCOMM workshop on hot topics in networking (Hotnets IV); 2005.