Data Mining in Long-Term Honeypot Data

Daniel Fraunholz, Marc Zimmermann, Alexander Hafner, Hans Dieter Schotten

In: 2017 IEEE International Conference on Data Mining Workshops (ICDMW). IEEE International Conference on Data Mining Workshops (ICDMW-2017), Data Mining for Cyber Security, located at ICDM, November 18-21, New Orleans, LA, United States. Pages 649-656, ISBN 978-1-5386-3800-2, IEEE, 2017.


Criminal activity on the Internet is becoming more sophisticated. Traditional information security techniques can hardly cope with recent trends. Honeypots have proved to be a valuable source of threat intelligence. In this work, several honeypots are combined into a honeynet and exploitation attempts are observed. The honeynet consists of six honeypots and was operated for 222 days. 12 million exploitation attempts were captured. The captured data is examined and evaluated. Several hypotheses are proposed and analyzed. Dependencies and distributions within the data are identified and quantified. The investigated features are: temporal and spatial distribution, attacked protocols, involved autonomous systems and the employed dictionaries.


German Research Center for Artificial Intelligence