Automating the analysis of honeypot data

Thonnard, Olivier; Viinikka, Jouni; Leita, Corrado; Dacier, Marc
Book chapter in "Recent Advances in Intrusion Detection", published as LNCS, Volume 5230/2008, ISBN:978-3-540-87402-7

We describe ongoing work towards further automating the analysis of data generated by a large honeynet architecture called Leurre.com and SGNET. The underlying motivation is to help us integrate the use of honeypot data into daily network security monitoring. We propose a system based on two automated steps: i) the detection of relevant attack events within a large honeynet traffic data set, and ii) the extraction of highly similar events based on temporal correlation.


Type: Book
Date: 2008-09-18
Department: Digital Security
Eurecom Ref: 3123
Copyright: © Springer. Personal use of this material is permitted. The definitive version of this paper was published as a book chapter in "Recent Advances in Intrusion Detection", published as LNCS, Volume 5230/2008, ISBN:978-3-540-87402-7 and is available at: http://dx.doi.org/10.1007/978-3-540-87403-4_29

Permalink: https://www.eurecom.fr/publication/3123