An Entropy and Volume-Based Approach for Identifying Malicious Activities in Honeynet Traffic
Honeynets are an increasingly popular choice deployed by organizations to lure attackers into a trap network, for collection and analysis of unauthorized network activity. A Honeynet captures substantial amount of data and logs for analysis in order to identify malicious activities perpetrated by th...
Saved in:
Published in | 2011 International Conference on Cyberworlds pp. 23 - 30 |
---|---|
Main Authors | , , , |
Format | Conference Proceeding |
Language | English |
Published |
IEEE
01.10.2011
|
Subjects | |
Online Access | Get full text |
Cover
Loading…
Summary: | Honeynets are an increasingly popular choice deployed by organizations to lure attackers into a trap network, for collection and analysis of unauthorized network activity. A Honeynet captures substantial amount of data and logs for analysis in order to identify malicious activities perpetrated by the hacker community. The analysis of this large amount of data is a challenging task. Through this paper, we propose a technique based on the entropy and volume thresholds of selected network features to efficiently analyze Honeynet data, and identify malicious activities. Our technique consists of both feature-based and volume-based schemes to identify malicious activities in the Honeynet traffic. Through deployment of our proposed approach, a detailed analysis of various traffic features is conducted and the most appropriate features for Honeynet traffic are thereupon selected. The anomalies are identified using entropy distributions and volume distributions, along with their corresponding threshold levels. The proposed scheme proves to be effective in identifying most types of anomalies seen in Honeynet traffic. |
---|---|
ISBN: | 9781457714535 1457714531 |
DOI: | 10.1109/CW.2011.35 |