
Characterization of attacks collected from the deployment of Web service honeypot

Authors

  • Abdallah Ghourabi,

    Corresponding author
    1. Department of Computer Science and Networks, Higher School of Communication of Tunis SUP'COM, University of Carthage, Ariana, Tunisia
    • Correspondence: Abdallah Ghourabi, Department of Computer Science and Networks, Higher School of Communication of Tunis SUP'COM, City of Communications Technologies El Ghazala, University of Carthage, 2083 Ariana, Tunisia.

      E-mail: abdallah.ghourabi@supcom.rnu.tn

  • Tarek Abbes,

    1. Department of Computer Science and Networks, Higher School of Communication of Tunis SUP'COM, University of Carthage, Ariana, Tunisia
  • Adel Bouhoula

    1. Department of Computer Science and Networks, Higher School of Communication of Tunis SUP'COM, University of Carthage, Ariana, Tunisia

ABSTRACT

Honeypots play an important role in collecting relevant information about malicious activities that happen on the Internet. In this paper, we are particularly interested in attacks targeting Web services. We therefore propose a honeypot implementation for Web services, called WS Honeypot. However, the data collected by honeypots can become very large, which greatly complicates the analysis task performed by the human analyst. As a solution for this problem, we propose in this paper an automatic technique to analyze the data collected from our WS Honeypot. The proposed approach is based on four machine learning methods: support vector machines, support vector regression, spectral clustering, and k-means clustering. Our main objectives are to analyze the collected data, automatically characterizing the captured attacks and detecting the denial-of-service and novel attacks. Copyright © 2013 John Wiley & Sons, Ltd.
