Abstract
A honeypot system can be deployed to decoy and record malicious intrusions over the Internet. However, the events logged by a honeypot rapidly accumulate into an enormous amount of data that an administrator cannot handle manually. The proposed system combines episode mining and pruning, allowing an administrator to identify suspected intrusions and focus their effort on addressing them rather than reading enormous amounts of raw data. An attack episode is composed of a series of events and represents an Internet intrusion as a sequence of relevant events occurring to a victim host in a specific order. Because of the variety of Internet attacks, this paper focuses on discovering attack episodes for the Server Message Block (SMB) protocol, which provides Microsoft Windows network services. Experiments show that the proposed approach can locate, within an immense amount of logged data, suspicious episodes that are very likely novel attacks.
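As an added illustration (not code from the paper), the sketch below shows the mine-then-prune idea the abstract describes: serial episodes are ordered event sequences observed on one victim host within a time window, and support is the number of distinct hosts on which an episode occurs. The honeypot log, the SMB command names, and the three pruning rules (minimum support, a benign-handshake baseline, and dropping sub-episodes of an equally frequent longer episode) are all constructed assumptions for this example.

```python
from collections import defaultdict
from itertools import combinations

# Constructed honeypot SMB event log (not real captures): (time, victim_host, SMB command).
LOG = [
    (1, "hp-01", "NEGOTIATE"), (2, "hp-01", "SESSION_SETUP"), (3, "hp-01", "TREE_CONNECT"),
    (4, "hp-01", "NT_CREATE"), (5, "hp-01", "TRANS"),
    (10, "hp-02", "NEGOTIATE"), (11, "hp-02", "SESSION_SETUP"), (12, "hp-02", "TREE_CONNECT"),
    (13, "hp-02", "NT_CREATE"), (14, "hp-02", "TRANS"),
    (20, "hp-03", "NEGOTIATE"), (21, "hp-03", "SESSION_SETUP"), (22, "hp-03", "TREE_CONNECT"),
    (23, "hp-03", "READ"),
    (30, "hp-04", "NEGOTIATE"), (31, "hp-04", "SESSION_SETUP"),
    (40, "hp-04", "NEGOTIATE"), (41, "hp-04", "SESSION_SETUP"), (42, "hp-04", "TREE_CONNECT"),
    (43, "hp-04", "NT_CREATE"), (44, "hp-04", "TRANS"),
]

# Assumed benign baseline (the ordinary SMB handshake); any sub-episode of it is pruned.
BASELINE = {("NEGOTIATE", "SESSION_SETUP", "TREE_CONNECT")}


def is_sub_episode(short, long):
    """True if `short` occurs as an ordered (not necessarily contiguous) subsequence of `long`."""
    it = iter(long)
    return all(ev in it for ev in short)


def serial_episodes(log, window, max_len):
    """Count serial episodes: ordered event tuples of length 2..max_len whose events all fall
    within `window` time units on one victim host. Support = number of distinct hosts."""
    by_host = defaultdict(list)
    for t, host, ev in sorted(log):
        by_host[host].append((t, ev))
    hosts_of = defaultdict(set)
    for host, events in by_host.items():
        for i, (t0, _) in enumerate(events):
            span = [ev for t, ev in events[i:] if t - t0 < window]  # window anchored at event i
            for k in range(2, min(max_len, len(span)) + 1):
                for idx in combinations(range(1, len(span)), k - 1):  # event i always included
                    hosts_of[(span[0],) + tuple(span[j] for j in idx)].add(host)
    return {ep: len(h) for ep, h in hosts_of.items()}


def mine_attack_episodes(log, window=10, max_len=5, min_support=3, baseline=BASELINE):
    """Mine, then prune: drop infrequent episodes, baseline sub-episodes, and any episode that is
    a sub-episode of a longer one with equal support, so each suspected attack is reported once."""
    frequent = {ep: s for ep, s in serial_episodes(log, window, max_len).items()
                if s >= min_support and not any(is_sub_episode(ep, b) for b in baseline)}
    return {ep: s for ep, s in frequent.items()
            if not any(ep != o and s == so and is_sub_episode(ep, o) for o, so in frequent.items())}
```

On the constructed log, the handshake fragments and the single READ session are pruned away and only the five-step pipe-access episode seen on three hosts is reported, which is the kind of short list the abstract says an administrator can actually review.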