Abstract

This paper presents the R-D Akaike Information Criterion (AIC) and R-D Minimum Description Length (MDL) for the automatic identification of malicious activities in honeypot networks, based on state-of-the-art model order selection schemes. Model order selection (MOS) schemes are frequently applied in several signal processing applications, such as RADAR, SONAR, communications, channel modeling, medical imaging, and parameter estimation of dominant multipath components from MIMO channel measurements. This paper proposes a new application for these MOS schemes: the identification of malicious activity in honeypots. The proposed blind automatic techniques are efficient and need neither previous training nor knowledge of attack signatures to detect malicious activities. To achieve these results, an innovative approach is used that models network traffic data as signals and noise, allowing the application of signal processing methods. The model order selection schemes are adapted to process network data, showing that the R-D Modified AIC and R-D MDL solve the limitations of other schemes because they can be applied to honeypot networks composed of several computers. The performance of the proposed solution is evaluated using the Probability of Detection (PoD).
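The signal-plus-noise idea can be illustrated with the classical one-dimensional MDL criterion (Wax and Kailath) applied to a ports-by-time traffic matrix. This is an added example, not the paper's code and not its R-D variants, whose formulas are not given on this page. The function names, the per-port zero-mean step, the white-noise background and the constructed sample traffic are all assumptions.

```python
import math
import random

def eigenvalues_sym(a, sweeps=50):
    """Eigenvalues (descending) of a symmetric matrix, cyclic Jacobi rotations."""
    a, m = [row[:] for row in a], len(a)
    for _ in range(sweeps):
        if sum(a[i][j] ** 2 for i in range(m) for j in range(i)) < 1e-20:
            break
        for p in range(m - 1):
            for q in range(p + 1, m):
                d = a[q][q] - a[p][p]
                th = math.pi / 4 if d == 0 else 0.5 * math.atan(2 * a[p][q] / d)
                c, s = math.cos(th), math.sin(th)
                for k in range(m):  # A <- A J (columns p, q)
                    a[k][p], a[k][q] = c * a[k][p] - s * a[k][q], s * a[k][p] + c * a[k][q]
                for k in range(m):  # A <- J^T A (rows p, q)
                    a[p][k], a[q][k] = c * a[p][k] - s * a[q][k], s * a[p][k] + c * a[q][k]
    return sorted((a[i][i] for i in range(m)), reverse=True)

def mdl_order(eigs, n):
    """Classical MDL: the k minimising fit term plus complexity penalty."""
    m, costs = len(eigs), []
    for k in range(m):
        tail = [max(e, 1e-12) for e in eigs[k:]]  # presumed noise eigenvalues
        log_arith = math.log(sum(tail) / len(tail))
        log_geo = sum(math.log(e) for e in tail) / len(tail)
        costs.append(n * len(tail) * (log_arith - log_geo)
                     + 0.5 * k * (2 * m - k) * math.log(n))
    return costs.index(min(costs))

def estimate_activities(traffic):
    """traffic[port][t] holds per-interval counts; returns the model order."""
    n = len(traffic[0])
    x = [[v - mu for v in row] for row in traffic for mu in [sum(row) / n]]
    cov = [[sum(u * v for u, v in zip(r1, r2)) / n for r2 in x] for r1 in x]
    return mdl_order(eigenvalues_sym(cov), n)

def sample_traffic(with_attacks, ports=6, n=400, seed=1):
    """Constructed data: white background noise plus two bursty activities."""
    rng = random.Random(seed)
    rows = [[10 + rng.gauss(0, 1) for _ in range(n)] for _ in range(ports)]
    for t in range(n if with_attacks else 0):
        for p in (0, 1, 2):                      # activity 1 touches ports 0-2
            rows[p][t] += 20 if t % 50 < 10 else 0
        for p in (3, 4):                         # activity 2 touches ports 3-4
            rows[p][t] += 15 if t % 37 < 5 else 0
    return rows
```

A model order of zero means every eigenvalue is consistent with background noise; each eigenvalue standing above that floor counts as one correlated activity across ports, which is why no attack signature or training set is needed.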
