Data mining algorithms in the analysis of security logs from a honeypot system

Abstract

Today many applications move to the Internet as web applications. This phenomenon causes new opportunities for attackers to take over servers or steal sensitive data such as credit card numbers, personal or corporate data. In this paper some analyses of data from a honeypot system of web application, implemented at the Institute of Computer Science, Warsaw University of Technology, are presented. The implemented honeypot has its own management software that helps to analyze the stored data. The honeypot was operating almost one year. Several data mining techniques were used to analyze the data collected by the honeypot and to detect important patterns and attacks. In this paper the results of the usage of algorithms MaxMiner and SED in the analysis of logs are presented.