An entropy and volume-based approach for identifying malicious activities in honeynet traffic

Mohammed H. Sqalli; Syed Naeem Firdous; Zubair Baig; Farag Azzedin

doi:10.1109/CW.2011.35

An entropy and volume-based approach for identifying malicious activities in honeynet traffic

Mohammed H. Sqalli^*
, Syed Naeem Firdous
, Zubair Baig
, Farag Azzedin

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

4 Scopus citations

Abstract

Honey nets are an increasingly popular choice deployed by organizations to lure attackers into a trap network, for collection and analysis of unauthorized network activity. A Honey net captures substantial amount of data and logs for analysis in order to identify malicious activities perpetrated by the hacker community. The analysis of this large amount of data is a challenging task. Through this paper, we propose a technique based on the entropy and volume thresholds of selected network features to efficiently analyze Honey net data, and identify malicious activities. Our technique consists of both feature-based and volume-based schemes to identify malicious activities in the Honey net traffic. Through deployment of our proposed approach, a detailed analysis of various traffic features is conducted and the most appropriate features for Honey net traffic are thereupon selected. The anomalies are identified using entropy distributions and volume distributions, along with their corresponding threshold levels. The proposed scheme proves to be effective in identifying most types of anomalies seen in Honey net traffic.

Original language	English
Title of host publication	Proceedings - 2011 International Conference on Cyberworlds, Cyberworlds 2011
Pages	23-30
Number of pages	8
DOIs	https://doi.org/10.1109/CW.2011.35
State	Published - 2011

Publication series

Name	Proceedings - 2011 International Conference on Cyberworlds, Cyberworlds 2011

Keywords

Anomaly Detection
Cybersecurity
Entropy
Honeynet

ASJC Scopus subject areas

Computer Networks and Communications

Access to Document

10.1109/CW.2011.35

Cite this

Sqalli, M. H., Firdous, S. N., Baig, Z., & Azzedin, F. (2011). An entropy and volume-based approach for identifying malicious activities in honeynet traffic. In Proceedings - 2011 International Conference on Cyberworlds, Cyberworlds 2011 (pp. 23-30). Article 6079342 (Proceedings - 2011 International Conference on Cyberworlds, Cyberworlds 2011). https://doi.org/10.1109/CW.2011.35

@inproceedings{1a990d5d53f84953bc29528a58e43c18,

title = "An entropy and volume-based approach for identifying malicious activities in honeynet traffic",

abstract = "Honey nets are an increasingly popular choice deployed by organizations to lure attackers into a trap network, for collection and analysis of unauthorized network activity. A Honey net captures substantial amount of data and logs for analysis in order to identify malicious activities perpetrated by the hacker community. The analysis of this large amount of data is a challenging task. Through this paper, we propose a technique based on the entropy and volume thresholds of selected network features to efficiently analyze Honey net data, and identify malicious activities. Our technique consists of both feature-based and volume-based schemes to identify malicious activities in the Honey net traffic. Through deployment of our proposed approach, a detailed analysis of various traffic features is conducted and the most appropriate features for Honey net traffic are thereupon selected. The anomalies are identified using entropy distributions and volume distributions, along with their corresponding threshold levels. The proposed scheme proves to be effective in identifying most types of anomalies seen in Honey net traffic.",

keywords = "Anomaly Detection, Cybersecurity, Entropy, Honeynet",

author = "Sqalli, \{Mohammed H.\} and Firdous, \{Syed Naeem\} and Zubair Baig and Farag Azzedin",

year = "2011",

doi = "10.1109/CW.2011.35",

language = "English",

isbn = "9780769544670",

series = "Proceedings - 2011 International Conference on Cyberworlds, Cyberworlds 2011",

pages = "23--30",

booktitle = "Proceedings - 2011 International Conference on Cyberworlds, Cyberworlds 2011",

}

An entropy and volume-based approach for identifying malicious activities in honeynet traffic. / Sqalli, Mohammed H.; Firdous, Syed Naeem; Baig, Zubair et al.
Proceedings - 2011 International Conference on Cyberworlds, Cyberworlds 2011. 2011. p. 23-30 6079342 (Proceedings - 2011 International Conference on Cyberworlds, Cyberworlds 2011).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - An entropy and volume-based approach for identifying malicious activities in honeynet traffic

AU - Sqalli, Mohammed H.

AU - Firdous, Syed Naeem

AU - Baig, Zubair

AU - Azzedin, Farag

PY - 2011

Y1 - 2011

N2 - Honey nets are an increasingly popular choice deployed by organizations to lure attackers into a trap network, for collection and analysis of unauthorized network activity. A Honey net captures substantial amount of data and logs for analysis in order to identify malicious activities perpetrated by the hacker community. The analysis of this large amount of data is a challenging task. Through this paper, we propose a technique based on the entropy and volume thresholds of selected network features to efficiently analyze Honey net data, and identify malicious activities. Our technique consists of both feature-based and volume-based schemes to identify malicious activities in the Honey net traffic. Through deployment of our proposed approach, a detailed analysis of various traffic features is conducted and the most appropriate features for Honey net traffic are thereupon selected. The anomalies are identified using entropy distributions and volume distributions, along with their corresponding threshold levels. The proposed scheme proves to be effective in identifying most types of anomalies seen in Honey net traffic.

AB - Honey nets are an increasingly popular choice deployed by organizations to lure attackers into a trap network, for collection and analysis of unauthorized network activity. A Honey net captures substantial amount of data and logs for analysis in order to identify malicious activities perpetrated by the hacker community. The analysis of this large amount of data is a challenging task. Through this paper, we propose a technique based on the entropy and volume thresholds of selected network features to efficiently analyze Honey net data, and identify malicious activities. Our technique consists of both feature-based and volume-based schemes to identify malicious activities in the Honey net traffic. Through deployment of our proposed approach, a detailed analysis of various traffic features is conducted and the most appropriate features for Honey net traffic are thereupon selected. The anomalies are identified using entropy distributions and volume distributions, along with their corresponding threshold levels. The proposed scheme proves to be effective in identifying most types of anomalies seen in Honey net traffic.

KW - Anomaly Detection

KW - Cybersecurity

KW - Entropy

KW - Honeynet

UR - https://www.scopus.com/pages/publications/83355167101

U2 - 10.1109/CW.2011.35

DO - 10.1109/CW.2011.35

M3 - Conference contribution

AN - SCOPUS:83355167101

SN - 9780769544670

T3 - Proceedings - 2011 International Conference on Cyberworlds, Cyberworlds 2011

SP - 23

EP - 30

BT - Proceedings - 2011 International Conference on Cyberworlds, Cyberworlds 2011

ER -

An entropy and volume-based approach for identifying malicious activities in honeynet traffic

Abstract

Publication series

Keywords

ASJC Scopus subject areas

Access to Document

Fingerprint

Cite this