
Proceedings Paper

Evaluation of data mining techniques for suspicious network activity classification using honeypots data
Author(s): André Grégio; Rafael Santos; Antonio Montes

Paper Abstract

As the number and variety of remote network services grow, analysing their logs has become a difficult and time-consuming task. There are several ways to filter relevant information and deliver a reduced log set for analysis, such as whitelisting and intrusion detection tools, but all of them require a great deal of fine-tuning and human expertise. Researchers are now evaluating data mining approaches for intrusion detection in network logs, using techniques such as genetic algorithms, neural networks and clustering algorithms. Some of these techniques yield good results, yet they require a very large number of attributes gathered from network traffic in order to extract useful information. In this work we apply and evaluate three data mining techniques (K-Nearest Neighbors, Artificial Neural Networks and Decision Trees) on a reduced number of attributes over log data sets acquired from a real network and from a honeypot, in order to classify traffic logs as normal or suspicious. The results allow us to classify unlabeled logs and to describe which attributes were used for each decision. This approach delivers a much smaller set of logs to the network administrator, easing the analysis task and aiding the discovery of new kinds of attacks against the network.
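As an added worked example (not code or data from the paper), the classification described above reduced to a handful of flow attributes: a decision tree grown by information gain and a K-Nearest Neighbors vote are trained on constructed records, where production-network flows are labelled normal and honeypot flows suspicious (nothing legitimate has a reason to contact a honeypot), and are then applied to unlabeled records. The tree also returns the attribute tests that led to each decision, which is what lets an administrator audit why a log line was flagged. The attribute names (dst_port, pkts, bytes, duration_s, syn_only), thresholds and sample values are all assumptions made for this example; the paper's own attribute set, data and neural-network classifier are not reproduced here.

```python
"""Normal-vs-suspicious flow classification with a small decision tree and KNN.
Added example with constructed records; not the paper's data or attribute set."""
import math
from collections import Counter

# Constructed training records (assumed attribute set). Production-network flows are
# labelled "normal"; flows that reached the honeypot are labelled "suspicious".
TRAIN = [
    ({"dst_port": 80,   "pkts": 12, "bytes": 5600,  "duration_s": 0.8,  "syn_only": 0}, "normal"),
    ({"dst_port": 443,  "pkts": 20, "bytes": 14000, "duration_s": 2.1,  "syn_only": 0}, "normal"),
    ({"dst_port": 22,   "pkts": 35, "bytes": 9000,  "duration_s": 45.0, "syn_only": 0}, "normal"),
    ({"dst_port": 53,   "pkts": 2,  "bytes": 180,   "duration_s": 0.05, "syn_only": 0}, "normal"),
    ({"dst_port": 80,   "pkts": 9,  "bytes": 4100,  "duration_s": 0.6,  "syn_only": 0}, "normal"),
    ({"dst_port": 443,  "pkts": 15, "bytes": 11000, "duration_s": 1.5,  "syn_only": 0}, "normal"),
    ({"dst_port": 445,  "pkts": 1,  "bytes": 60,    "duration_s": 0.0,  "syn_only": 1}, "suspicious"),  # SYN probe
    ({"dst_port": 135,  "pkts": 1,  "bytes": 60,    "duration_s": 0.0,  "syn_only": 1}, "suspicious"),  # SYN probe
    ({"dst_port": 1433, "pkts": 1,  "bytes": 60,    "duration_s": 0.0,  "syn_only": 1}, "suspicious"),  # SYN probe
    ({"dst_port": 22,   "pkts": 1,  "bytes": 60,    "duration_s": 0.0,  "syn_only": 1}, "suspicious"),  # SYN probe
    ({"dst_port": 23,   "pkts": 40, "bytes": 2400,  "duration_s": 60.0, "syn_only": 0}, "suspicious"),  # password guessing
    ({"dst_port": 22,   "pkts": 38, "bytes": 3000,  "duration_s": 55.0, "syn_only": 0}, "suspicious"),  # password guessing
]
# Reduced attribute set for the tree; the order only breaks exact ties between splits.
ATTRS = ["pkts", "bytes", "duration_s", "syn_only", "dst_port"]


def entropy(labels):
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())


def best_split(rows):
    """(attr, threshold, gain) of the midpoint threshold with the highest information gain."""
    parent = entropy([lab for _, lab in rows])
    best = (None, None, 0.0)
    for attr in ATTRS:
        values = sorted({rec[attr] for rec, _ in rows})
        for lo, hi in zip(values, values[1:]):
            thr = (lo + hi) / 2
            left = [lab for rec, lab in rows if rec[attr] <= thr]
            right = [lab for rec, lab in rows if rec[attr] > thr]
            child = (len(left) * entropy(left) + len(right) * entropy(right)) / len(rows)
            if parent - child > best[2]:
                best = (attr, thr, parent - child)
    return best


def build_tree(rows, depth=0, max_depth=4):
    labels = [lab for _, lab in rows]
    majority = Counter(labels).most_common(1)[0][0]
    if len(set(labels)) == 1 or depth == max_depth:
        return {"leaf": majority}
    attr, thr, _ = best_split(rows)
    if attr is None:  # no split improves purity
        return {"leaf": majority}
    return {"attr": attr, "thr": thr,
            "left": build_tree([r for r in rows if r[0][attr] <= thr], depth + 1, max_depth),
            "right": build_tree([r for r in rows if r[0][attr] > thr], depth + 1, max_depth)}


def classify_tree(tree, rec):
    """Return (label, path); path lists the (attribute, threshold, value) tests that decided it."""
    path, node = [], tree
    while "leaf" not in node:
        path.append((node["attr"], node["thr"], rec[node["attr"]]))
        node = node["left"] if rec[node["attr"]] <= node["thr"] else node["right"]
    return node["leaf"], path


def knn_classify(rec, k=3, attrs=("pkts", "bytes", "duration_s", "syn_only")):
    """Majority vote of the k nearest training records after min-max scaling, so that
    bytes do not dominate the distance. dst_port is excluded: numeric distance between
    port numbers carries no meaning."""
    lo = {a: min(r[a] for r, _ in TRAIN) for a in attrs}
    hi = {a: max(r[a] for r, _ in TRAIN) for a in attrs}
    scale = lambda r, a: (r[a] - lo[a]) / (hi[a] - lo[a]) if hi[a] > lo[a] else 0.0
    dists = sorted((sum((scale(rec, a) - scale(r, a)) ** 2 for a in attrs), lab) for r, lab in TRAIN)
    return Counter(lab for _, lab in dists[:k]).most_common(1)[0][0]


# Constructed unlabeled records: an RDP SYN probe, an HTTPS session, a long SSH guessing run.
UNLABELED = [
    {"dst_port": 3389, "pkts": 1,  "bytes": 60,    "duration_s": 0.0,  "syn_only": 1},
    {"dst_port": 443,  "pkts": 18, "bytes": 12500, "duration_s": 1.9,  "syn_only": 0},
    {"dst_port": 22,   "pkts": 45, "bytes": 2900,  "duration_s": 70.0, "syn_only": 0},
]
TREE = build_tree(TRAIN)


def triage(records=UNLABELED):
    """Reduced log set for the administrator: records either classifier flags, each with
    the attribute tests the tree applied, so the decision can be audited."""
    flagged = []
    for rec in records:
        tree_label, path = classify_tree(TREE, rec)
        knn_label = knn_classify(rec)
        if "suspicious" in (tree_label, knn_label):
            flagged.append({"record": rec, "tree": tree_label, "knn": knn_label,
                            "reason": "; ".join(f"{a}={v} (split at {t})" for a, t, v in path)})
    return flagged


if __name__ == "__main__":
    for item in triage():
        print(item)
```

On these constructed records the tree's root test is on bytes, and its decision paths show the two patterns the honeypot data carries: single-packet flows (probes) and small-volume, many-packet flows (password guessing). A practitioner reading the output should keep in mind that honeypot labels only cover traffic that happened to reach the honeypot, so a quiet or very targeted attacker on the production network is not represented in the training set.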

Paper Details

Date Published: 9 April 2007
PDF: 10 pages
Proc. SPIE 6570, Data Mining, Intrusion Detection, Information Assurance, and Data Networks Security 2007, 657006 (9 April 2007); doi: 10.1117/12.719023
André Grégio, Brazilian Institute for Space Research (Brazil); Renato Archer Research Ctr. (Brazil)
Rafael Santos, Brazilian Institute for Space Research (Brazil)
Antonio Montes, Renato Archer Research Ctr. (Brazil)

Published in SPIE Proceedings Vol. 6570:
Data Mining, Intrusion Detection, Information Assurance, and Data Networks Security 2007
Belur V. Dasarathy, Editor(s)

© SPIE.