Lessons Learned from Honeypots - Statistical Analysis of Logins and Passwords


Faculty of Science, Institute of Computer Science, Pavol Jozef Safarik University in Kosice, Jesenna 5, 040 01 Kosice, Slovakia

Faculty of Science, Institute of Mathematics, Pavol Jozef Safarik University in Kosice, Jesenna 5, 040 01 Kosice, Slovakia

Abstract. Honeypots are unconventional tools to study the methods, tools and goals of attackers. In addition to IP addresses, timestamps and count of attacks, these tools collect combinations of login and password. Therefore, analysis of data collected by honeypots can bring a different view of logins and passwords. In this paper, advanced statistical methods and correlations with spatial-oriented data were applied to find out more detailed information about the logins and passwords. We also used the Chi-square test of independence to study the difference between login and password. In addition, we study the agreement of the structure of password and login using kappa statistics.

Keywords: Honeypot · Login · Password · Spatial data · Chi-square test · Kappa statistic

1 Introduction

© IFIP International Federation for Information Processing 2016. Published by Springer International Publishing AG 2016. All Rights Reserved. A.M. Tjoa et al. (Eds.): CONFENIS 2016, LNBIP 268, pp. 112–126, 2016. DOI: 10.1007/978-3-319-49944-4_9

In the current information society we deal with an increasing security threat. Therefore, an important part of information security is protection of information. Common security tools, methods and techniques used before are ineffective against new security threats. Therefore, it is necessary to choose other tools and techniques. It seems that network forensics tools, especially honeypots and honeynets, are very useful. The use of the word “honeypot” is quite recent [1]; however, honeypots have been used for more than twenty years in computer systems. A honeypot can be defined as a computing resource whose value is in being attacked [2]. Lance Spitzner defines a honeypot as an information system resource whose value lies in unauthorized or illicit use of that resource [3]. The most common classification of honeypots is based on the level of interaction. The level of interaction is defined as the range of possibilities the attacker is given after attacking the system. Honeypots can be divided into low-interaction and high-interaction. An example of this type of honeypot is Dionaea [4]. On one hand, low-interaction honeypots emulate the characteristics of network services or a particular operating system. On the other hand, a complete operating system with all services is used to get more accurate information about attacks and attackers [5]. This type of honeypot is called a high-interaction honeypot. An example of this type of honeypot is HonSSH [6]. The concept of the honeypot is extended by the honeynet, a special kind of high-level interaction honeypot. The honeynet can be also referred to as “a virtual environment, consisting of multiple honeypots, designed to decei