Conference paper Open Access
Host-based Cyber Attack Pattern Identification on Honeypot Logs Using Association Rule Learning
Angelos Papoutsis;
Christos Iliou;
Dimitris Kavallieros;
Theodora Tsikrika;
Stefanos Vrochidis;
Ioannis Kompatsiaris
Attack pattern identification is a significant step for protecting organisations from cyber-threats, as it can be used to reveal valuable patterns, enabling the better detection and analysis of the respective attacks that can be leveraged for the development of effective and efficient Intrusion Detection Systems. In this work, Association Rule Learning (ARL), a data mining technique, is used for the identification of attack patterns from data collected from a public honeypot. Using the FP-Growth ARL algorithm, we identified different patterns of attacks and correlated the respective commands executed by various attackers. To our knowledge, this is the first time ARL has been used to extract attack patterns from commands run by the attackers using real-world log data collected at the host level.
| Name | Size | |
|---|---|---|
|
2022.IEEE.CSR.ARL.pdf
md5:f618499968868424f1420c30bdd78b28 |
169.2 kB | Download |
| All versions | This version | |
|---|---|---|
| Views | 74 | 74 |
| Downloads | 70 | 70 |
| Data volume | 12.1 MB | 12.1 MB |
| Unique views | 57 | 57 |
| Unique downloads | 60 | 60 |
- Publication date:
- June 22, 2022
- DOI:
-
- Keyword(s):
- cyber-attack patterns machine learning rule-based learning pattern identification attack command correlation honeypots Dionaea host-based log data
- Grants:
-
European Commission:
-
FORESIGHT - Advanced cyber-security simulation platform for preparedness training in Aviation, Naval and Power-grid environments (833673)
- ECHO - European network of Cybersecurity centres and competence Hub for innovation and Operations (830943)
-
FORESIGHT - Advanced cyber-security simulation platform for preparedness training in Aviation, Naval and Power-grid environments (833673)
- License (for files):
- Creative Commons Attribution 4.0 International