M4D - Multimodal Data Fusion and Analytics Group
Published June 22, 2022 | Version v1
Conference paper Open

Host-based Cyber Attack Pattern Identification on Honeypot Logs Using Association Rule Learning

Creators

  • 1. Information Technologies Institute, CERTH, Thessaloniki, Greece

Description

Attack pattern identification is a significant step for protecting organisations from cyber-threats, as it can be used to reveal valuable patterns, enabling the better detection and analysis of the respective attacks that can be leveraged for the development of effective and efficient Intrusion Detection Systems. In this work, Association Rule Learning (ARL), a data mining technique, is used for the identification of attack patterns from data collected from a public honeypot. Using the FP-Growth ARL algorithm, we identified different patterns of attacks and correlated the respective commands executed by various attackers. To our knowledge, this is the first time ARL has been used to extract attack patterns from commands run by the attackers using real-world log data collected at the host level.

Notes

This is the accepted version of the paper. The final version of the paper can be found at https://ieeexplore.ieee.org/xpl/conhome/9850275/proceeding

Files

2022.IEEE.CSR.ARL.pdf

Files (169.2 kB)

Name Size Download all
md5:f618499968868424f1420c30bdd78b28
169.2 kB Preview Download

Additional details

Funding

FORESIGHT – Advanced cyber-security simulation platform for preparedness training in Aviation, Naval and Power-grid environments 833673
European Commission
ECHO – European network of Cybersecurity centres and competence Hub for innovation and Operations 830943
European Commission