DocumentCode :
1972840
Title :
Classification of malicious network streams using honeynets
Author :
Abbasi, F.H. ; Harris, Richard J. ; Moretti, G. ; Haider, Abrar ; Anwar, Norizan
Author_Institution :
Sch. of Eng. & Adv. Technol. (SEAT), Massey Univ., Palmerston North, New Zealand
fYear :
2012
fDate :
3-7 Dec. 2012
Firstpage :
891
Lastpage :
897
Abstract :
Misuse-based intrusion detection systems alone cannot cope with the dynamic nature of the security threats faced today by organizations globally. Variants of malware and exploits are emerging on the global canvas at an ever-increasing rate. There is a need to automate their detection by observing their malicious footprints over network streams. In this paper we evaluate a proposed technique to measure the relative similarity or level of maliciousness between different categories of malicious network streams captured by honeynets. This is measured by quantifying areas of analogous information or entropy between incoming network streams and reference malicious samples. Machine learning methods are used to quickly cluster similar groups of streams from the datasets. This technique is then evaluated using a large dataset and the correctness of the classifier is verified by using 'area under the receiver operating characteristic curves' (ROC AUC) measures across various string metric-based classifiers.
Keywords :
invasive software; learning (artificial intelligence); honeynets; machine learning method; malicious footprints; malicious network streams; malware; misuse based intrusion detection system; receiver operating characteristic curves measures; security threats; string metric based classifiers;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Global Communications Conference (GLOBECOM), 2012 IEEE
Conference_Location :
Anaheim, CA
ISSN :
1930-529X
Print_ISBN :
978-1-4673-0920-2
Electronic_ISBN :
1930-529X
Type :
conf
DOI :
10.1109/GLOCOM.2012.6503226
Filename :
6503226
Link To Document :