Open AccessCharacterization of attacks collected from the deployment of Web service honeypot
Author(s) -
Ghourabi Abdallah,
Abbes Tarek,
Bouhoula Adel
Publication year - 2014
Publication title -
security and communication networks
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.446
H-Index - 43
eISSN - 1939-0122
pISSN - 1939-0114
DOI - 10.1002/sec.737
Subject(s) - honeypot , computer science , denial of service attack , the internet , computer security , task (project management) , software deployment , cluster analysis , web service , service (business) , world wide web , support vector machine , operating system , artificial intelligence , management , economy , economics
Honeypots play an important role in collecting relevant information about malicious activities that happen on the Internet. In this paper, we are particularly interested in attacks targeting Web services. We therefore propose a honeypot implementation for Web services, called WS Honeypot. However, the data collected by honeypots can become very large, which greatly complicates the analysis task performed by the human analyst. As a solution for this problem, we propose in this paper an automatic technique to analyze the data collected from our WS Honeypot. The proposed approach is based on four machine learning methods: support vector machines, support vector regression, spectral clustering, and k ‐means clustering. Our main objectives are to analyze the collected data, automatically characterizing the captured attacks and detecting the denial‐of‐service and novel attacks. Copyright © 2013 John Wiley & Sons, Ltd.