Analysis of data from honeypot databases: descriptive statistics and IDS rules

Ferreira, Pedro Henrique Matheus da Costa
Silva, Leandro Nunes de Castro
Brosso, Maria Inês Lopes
Bueno, Paulo Marcos Siqueira
Electrical Engineering
A honeypot is a computer security system dedicated to being probed, attacked or compromised. The information it collects helps in the identification of threats to computer network assets. When probed, attacked and compromised, the honeypot receives a sequence of commands that are mainly intended to exploit a vulnerability of the emulated systems. This work uses data collected by honeypots to create rules and signatures for intrusion detection systems. The rules are extracted from decision trees constructed from the data sets of real honeypots. The results of experiments performed with four databases, both public and private, showed that the extraction of rules for an intrusion detection system is possible using data mining techniques, particularly decision trees. The technique pointed out similarities between the data sets, even though they were collected in different places and time periods. In addition to the rules obtained, the technique allows the analyst to identify problems quickly and visually, facilitating the analysis process.
honeypot, dionaea, data mining, IDS, decision trees
FERREIRA, Pedro Henrique Matheus da Costa. Análise de dados de bases de honeypots: estatística descritiva e regras de IDS. 2015. 105 f. Dissertação (Mestrado em Engenharia Elétrica) - Universidade Presbiteriana Mackenzie, São Paulo, 2015.