Intrusion Prediction Mechanism based on Honeypot Logs’ Similarity Assessment

  • 鍾 曜年

Student thesis: Master's Thesis


Intrusion detection is the mechanism for identifying and recognizing suspicious and malicious activities, and it has recently become essential for protecting the important assets of enterprises or e-commerce. However, with the dramatic increase in cybercrime and the evolution of malicious programs, more and more new malware variants and malicious tools are appearing. Coping with a tremendous volume of unknown anomalous traffic is like threading a needle, let alone responding to the attacks. Additionally, network-based intrusion detection systems have a very high rate of false alarms, which forces IT professionals and administrators to spend significant human effort deciding whether flows are malicious or not. In this thesis, we propose a mechanism that, by means of honeypot logs' similarity and data mining techniques, can predict suspicious flows and block them before the attacks take place. With honeypot logs and association rule mining, it can reduce the false alarm problem of intrusion detection systems because there is no normal traffic in honeypots; namely, all the flows are suspicious. Furthermore, it can save a lot of human effort because the entire system can operate and process the data automatically. The results of preliminary experiments indicate that the prediction system with honeypots can be practical for protecting assets from attacks or misuse.
Date of Award: 2014 Aug 22
Original language: English
Supervisor: Jung-Shian Li
