Automatic analysis of web service honeypot data using machine learning techniques

Abstract

Over the past years, Honeypots have proven their efficacy for understanding the characteristics of malicious activities on the Internet. They help security managers to collect valuable information about the techniques and motivations of the attackers. However, when the amount of collected data in honeypots becomes very large, the analysis performed by a human security administrator tends to be very difficult, tedious and time consuming task. To facilitate and improve this task, integration of new methods for automatic analysis seems to be necessary. We propose in this paper a new approach based on different machine learning techniques to analyze collected data in a Web Services Honeypot. The aim of this approach is to identify and characterize attacks targeting Web services using three classifiers (SVM, SVM Regression and Apriori) depending on the nature of collected data. © 2013 Springer-Verlag Berlin Heidelberg.