Applying episode mining and pruning to identify malicious online attacks. (April 2017)
- Record Type: Journal Article
- Title: Applying episode mining and pruning to identify malicious online attacks. (April 2017)
- Main Title: Applying episode mining and pruning to identify malicious online attacks
- Authors: Su, Ming-Yang
- Abstract:
  - Highlights: All online attempts to access a honeypot can be regarded as attacks. A honeypot's logs can grow very large, more than an administrator can handle by hand. We apply serial episode mining and two-round pruning to identify suspected attacks. The experiments conducted in this paper focus on port 445, used by the SMB protocol.
  - Abstract: A honeypot system can be deployed to decoy and record malicious intrusions over the Internet. However, the events logged by a honeypot rapidly accumulate into an enormous amount of data, which an administrator will be unable to handle. The proposed system combines episode mining and pruning, and allows an administrator to identify suspected intrusions and focus his energy on addressing them instead of reading enormous amounts of raw data. An attack episode is composed of a series of events, and represents an Internet intrusion as a series of relevant events occurring to a victim host in a specific sequence. Because of the variety of Internet attacks, this paper focuses on discovering attack episodes for the Server Message Block (SMB) protocol, which provides Microsoft Windows Network services. Experiments show that the proposed approach can locate, from an immense amount of logged data, suspicious episodes that are very likely novel attacks.
- Is Part Of: Computers & electrical engineering. Volume 59 (2017)
- Journal: Computers & electrical engineering
- Issue: Volume 59 (2017)
- Issue Display: Volume 59, Issue 2017 (2017)
- Year: 2017
- Volume: 59
- Issue: 2017
- Issue Sort Value: 2017-0059-2017-0000
- Page Start: 180
- Page End: 188
- Publication Date: 2017-04
- Subjects:
  - Honeypot system -- Episode -- Episode mining -- Episode pruning -- Server Message Block (SMB)
  - Computer engineering -- Periodicals
  - Electrical engineering -- Periodicals
  - Electrical engineering -- Data processing -- Periodicals
  - Computers -- Design and construction -- Periodicals
  - Electrical engineering -- Periodicals
  - Electrical engineering -- Data processing -- Periodicals
  - Computer engineering
  - Electrical engineering
  - Electrical engineering -- Data processing
  - Periodicals
  - Electronic journals
  - 621.302854
- Journal URLs:
  - http://www.sciencedirect.com/science/journal/00457906/
  - http://www.elsevier.com/journals
- DOI: 10.1016/j.compeleceng.2015.08.015
- Languages: English
- ISSNs: 0045-7906
- Deposit Type: Legal deposit
- View Content: Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
  - British Library DSC - 3394.680000
  - British Library DSC - BLDSS-3PM
  - British Library HMNTS - ELD Digital store
- Ingest File: 233.xml