An entropy and volume-based approach for identifying malicious activities in honeynet traffic

Proceedings - 2011 International Conference on Cyberworlds, Cyberworlds 2011

Volumn , Issue , 2011, Pages 23-30

  Sqalli, Mohammed H ^a   Firdous, Syed Naeem ^a   Baig, Zubair ^a   Azzedin, Farag ^a  

^a KING FAHD UNIVERSITY OF PETROLEUM AND MINERALS   (Saudi Arabia)

Author keywords

Anomaly Detection; Cybersecurity; Entropy; Honeynet

Indexed keywords

ANALYSIS OF VARIOUS; ANOMALY DETECTION; CYBER SECURITY; ENTROPY DISTRIBUTION; FEATURE-BASED; HONEYNET; MALICIOUS ACTIVITIES; NETWORK ACTIVITIES; THRESHOLD LEVELS; TRAFFIC FEATURES; VOLUME DISTRIBUTIONS;

ENTROPY; PERSONAL COMPUTING;

FOOD PRODUCTS;

EID: 83355167101     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/CW.2011.35     Document Type: Conference Paper

References (18)

1. J. Levine, R. LaBella, H. Owen, D. Contis, and B. Culver, "The use of Honeynets to detect exploited systems across large enterprise networks," in Proceedings of the 2003 IEEE Workshop on Information Assurance, United States Military Academy, West Point, NY June 2003. pp. 92-99.
2. L. Spitzner, "Honeypots: Tracking Hackers", Addison-Wesley, Available from: http://www.tracking-hackers.com/book/, 2003.
3. L. Spitzner, "Honeypots, Definitions and Value of Honeypots,"Available from: http://www.spitzner.net/honeypots.html, May 2003.
4. P. Barford, Y. Chen, A. Goyal, Z. Li, V. Paxson, and V. Yegneswaran, "Employing Honeynets For Network Situational Awareness," in Cyber Situational Awareness. Vol. 46, S. Jajodia, P. Liu, V. Swarup, and C. Wang, Eds., ed: Springer US, 2010, pp. 71-102.
5. V. Chandola, A. Banerjee, and V. Kumar, "Anomaly detection,"ACM Computing Surveys, Vol. 41, pp. 1-58, 2009.
6. O. Thonnard and M. Dacier, "A framework for attack patterns' discovery in honeynet data," in Digital Investigation, Vol. 5, pp. S128-S139, 2008.
7. A. Dainotti, A. Pescape, and G. Ventre, "NIS04-1: wavelet-based detection of DoS attacks", in Proceedingd of the IEEE Global Telecommunications Conference, GLOBECOM'06, San Francisco, USA, 2006, pp. 1-6.
8. J. Haggerty, T. Berry, Q. Shi, and M. Merabti, "DiDDeM: A System for Early Detection of TCP SYN Flood Attacks", in Proceedings of the IEEE Globecom 2004 - Security and Network Management, USA, 2004, pp. 2037-2042.
9. nd BioInspired Models of Network Information and Computing Systems, 2007, pp. 93-96.
10. nd ACM SIGCOMM Workshop on Internet measurment, Marseille, France, 2002.
11. A. Lakhina, M. Crovella, and C. Diot, "Mining anomalies using traffic feature distributions," in the Proceedings of the 2005 Conference on Applications, technologies, architectures, and protocols for computer communications, Philadelphia, Pennsylvania, USA, 2005.
12. th ACM SIGCOMM Conference on Internet Measurement, Vouliagmeni, Greece, 2008.
13. A. Kind, M. P. Stoecklin, and X. Dimitropoulos, "Histogram-based traffic anomaly detection," Network and Service Management, IEEE Transactions, Vol. 6, pp. 110-121, 2009.
14. th IEEE International Conference on Policies for Distributed Systems and Networks, London, United Kingdom, 2009.
15. García-Teodoro, P., J. Díaz-Verdejo, G. Maciá-Fernández, and E. Vázquez, "Anomaly-based network intrusion detection: Techniques, systems and challenges," Computers & Security, 28(1-2), pp. 18-28, 2008.
16. Honeynet Project, "Honeynet Project Challenges," Available from: http://www.honeynet.org/challenges.
17. hack.lu, "Information Security Visualization Contest," hack.lu 2009, Available from: http://2009.hack.lu/index.php/InfoVisContest," 2009.
18. Lakhina, A., M. Crovella, and C. Diot, "Diagnosing network-wide traffic anomalies," SIGCOMM Comput. Commun. Rev., 34(4), pp. 219-230, 2004.