UPDATE: Zenodo migration postponed to Oct 13 from 06:00-08:00 UTC. Read the announcement.

Conference paper Open Access

Host-based Cyber Attack Pattern Identification on Honeypot Logs Using Association Rule Learning

Angelos Papoutsis; Christos Iliou; Dimitris Kavallieros; Theodora Tsikrika; Stefanos Vrochidis; Ioannis Kompatsiaris

Attack pattern identification is a significant step for protecting organisations from cyber-threats, as it can be used to reveal valuable patterns, enabling the better detection and analysis of the respective attacks that can be leveraged for the development of effective and efficient Intrusion Detection Systems. In this work, Association Rule Learning (ARL), a data mining technique, is used for the identification of attack patterns from data collected from a public honeypot. Using the FP-Growth ARL algorithm, we identified different patterns of attacks and correlated the respective commands executed by various attackers. To our knowledge, this is the first time ARL has been used to extract attack patterns from commands run by the attackers using real-world log data collected at the host level.

This is the accepted version of the paper. The final version of the paper can be found at https://ieeexplore.ieee.org/xpl/conhome/9850275/proceeding
Files (169.2 kB)
Name Size
169.2 kB Download
All versions This version
Views 7474
Downloads 7070
Data volume 12.1 MB12.1 MB
Unique views 5757
Unique downloads 6060


Cite as