Special Issue Paper
Characterization of attacks collected from the deployment of Web service honeypot
Article first published online: 26 FEB 2013
Copyright © 2013 John Wiley & Sons, Ltd.
Security and Communication Networks
Volume 7, Issue 2, pages 338–351, February 2014
How to Cite
Ghourabi, A., Abbes, T. and Bouhoula, A. (2014), Characterization of attacks collected from the deployment of Web service honeypot. Security Comm. Networks, 7: 338–351. doi: 10.1002/sec.737
- Issue published online: 28 JAN 2014
- Article first published online: 26 FEB 2013
- Manuscript Accepted: 12 DEC 2012
- Manuscript Received: 30 SEP 2012
- Web service;
- attacks characterization;
- data analysis;
Honeypots play an important role in collecting relevant information about malicious activities that happen on the Internet. In this paper, we are particularly interested in attacks targeting Web services. We therefore propose a honeypot implementation for Web services, called WS Honeypot. However, the data collected by honeypots can become very large, which greatly complicates the analysis task performed by the human analyst. As a solution for this problem, we propose in this paper an automatic technique to analyze the data collected from our WS Honeypot. The proposed approach is based on four machine learning methods: support vector machines, support vector regression, spectral clustering, and k-means clustering. Our main objectives are to analyze the collected data, automatically characterizing the captured attacks and detecting the denial-of-service and novel attacks. Copyright © 2013 John Wiley & Sons, Ltd.