Publikation
Data Mining in Long-Term Honeypot Data
Daniel Fraunholz; Marc Ruffing; Alexander Hafner; Hans Dieter Schotten
In: 2017 IEEE International Conference on Data Mining Workshops (ICDMW). IEEE International Conference on Data Mining Workshops (ICDMW-2017), Data Mining for Cyber Security, located at ICDM, November 18-21, New Orleans, LA, USA, Pages 649-656, ISBN 978-1-5386-3800-2, IEEE, 2017.
Zusammenfassung
Criminal activity in the Internet is becoming more sophisticated. Traditional information security techniques hardly cope with recent trends. Honeypots proved to be a valuable source of threat intelligence. In this work several Honeypots are combined into a Honeynet and observed exploitation attempts. The Honeynet consists of six Honeypots and was operated for 222 days. 12 million exploitation attempts were captured. The captured data is examined and evaluated. Several hypotheses are proposed and analyzed. Dependencies and distribution within the data are identified and quantified. Investigated features are: Temporal and spatial distribution, attacked protocols, involved autonomous systems and the employed dictionaries.