We describe ongoing work towards further automating the analysis of data generated by a large honeynet architecture called Leurre.com and SGNET. The underlying motivation is to help integrate honeypot data into daily network security monitoring. We propose a system based on two automated steps: i) the detection of relevant attack events within a large honeynet traffic data set, and ii) the extraction of highly similar events based on temporal correlation.
Automating the analysis of honeypot data
Book chapter in "Recent Advances in Intrusion Detection", published as LNCS, Volume 5230/2008, ISBN: 978-3-540-87402-7
© Springer. Personal use of this material is permitted. The definitive version of this paper was published as a book chapter in "Recent Advances in Intrusion Detection" (LNCS, Volume 5230/2008, ISBN: 978-3-540-87402-7) and is available at: http://dx.doi.org/10.1007/978-3-540-87403-4_29
PERMALINK: https://www.eurecom.fr/publication/3123