Title :
Honey Plotter and the Web of Terror
Author :
Withall, Mark ; De Silva, M. Shirantha ; Parish, David ; Phillips, Iain
Author_Institution :
Loughborough Univ., Loughborough
Abstract :
Honeypots are a useful tool for discovering the distribution of malicious traffic on the Internet and how that traffic evolves over time. In addition, they allow an insight into new attacks appearing. One major problem is analysing the large amounts of data generated by such honeypots and correlating between multiple honeypots. Honey Plotter is a web-based query and visualisation tool to allow investigation into data gathered by a distributed honeypot network. It is built on top of a relational database, which allows great flexibility in the questions that can be asked and has automatic generation of visualisations based on the results of queries. The main focus is on aggregate statistics but individual attacks can also be analysed. Statistical comparison of distributions is also provided to assist with detecting anomalies in the data; helping separate out common malicious traffic from new threats and trends. Two short case studies are presented to give an example of the types of analysis that can be performed.
Keywords :
Internet; relational databases; security of data; statistical analysis; telecommunication security; telecommunication traffic; Internet; Web-based query; aggregate statistics; anomaly detection; distributed honeypot network; honey plotter; honeypots; malicious traffic; relational database; visualisation tool; Aggregates; Computer hacking; Data visualization; Information security; Internet; Intrusion detection; Monitoring; Relational databases; Statistical distributions; Telecommunication traffic;
Conference_Titel :
Computer Communications and Networks, 2007. ICCCN 2007. Proceedings of 16th International Conference on
Conference_Location :
Honolulu, HI
Print_ISBN :
978-1-4244-1251-8
Electronic_ISBN :
1095-2055
DOI :
10.1109/ICCCN.2007.4317994
