Honey Plotter and the Web of Terror
Honeypots are a useful tool for discovering the distribution of malicious traffic on the Internet and how that traffic evolves over time. In addition, they allow an insight into new attacks appearing. One major problem is analysing the large amounts of data generated by such honeypots and correlating between multiple honeypots. Honey Plotter is a web-based query and visualisation tool to allow investigation into data gathered by a distributed honeypot network. It is built on top of a relational database, which allows great flexibility in the questions that can be asked and has automatic generation of visualisations based on the results of queries. The main focus is on aggregate statistics but individual attacks can also be analysed. Statistical comparison of distributions is also provided to assist with detecting anomalies in the data, helping separate out common malicious traffic from new threats and trends. Two short case studies are presented to give an example of the types of analysis that can be performed.
This is a conference paper [© IEEE] and it is also available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=4317994&isnumber=4317770. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.