Author: Saleh Ibrahim Bakr Almotairi
DOI:
Keywords:
Abstract: Monitoring Internet traffic is critical in order to acquire a good understanding of threats to computer and network security and in designing efficient security systems. Researchers and administrators have applied several approaches to monitoring traffic for malicious content. These techniques include monitoring network components, aggregating IDS alerts, and monitoring unused IP address spaces. Another method for analyzing traffic, which has been widely tried and accepted, is the use of honeypots. Honeypots are very valuable resources for gathering artefacts associated with a variety of attack activities. As honeypots run no production services, any contact with them is considered potentially malicious or suspicious by definition. This unique characteristic of the honeypot reduces the amount of collected traffic and makes it a more valuable source of information than other existing techniques. Currently, there is insufficient research in the honeypot data analysis field. To date, most of the work on honeypots has been devoted to the design of new honeypots or optimizing the current ones. Approaches for analyzing data from honeypots, especially low-interaction honeypots, are presently immature, while analysis techniques are manual and focus mainly on identifying attacks. This research addresses the need for developing advanced analysis techniques. We believe that characterizing honeypot traffic will improve the security of networks and, if handled in time, give early signs of new vulnerabilities or breakouts of automated malicious codes, such as worms. The outcomes of this research include:
• Identification of repeated use of attack tools and processes through grouping activities that exhibit similar packet inter-arrival time distributions using the cliquing algorithm;
• Application of principal component analysis to detect the structure of attackers’ activities present in honeypot traffic and to visualize attackers’ behaviors;
• Detection of new attacks using the principal component’s residual space and the square prediction error statistic;
• Real-time detection of new attacks using recursive principal component analysis;
• A proof of concept implementation for real-time monitoring.