

A data mining approach for analysis of worm activity through automatic signature generation

Title: A data mining approach for analysis of worm activity through automatic signature generation

Authors: Urko Zurutuza, Roberto Uribeetxeberria, Diego Zamboni

Date: October 2008

Area: Security

Topic: Honeypots

Abstract:
This paper proposes a novel framework to automatically discover and analyze traffic generated by computer worms and other anomalous behaviors that interact with a non-solicited traffic monitoring system. Network packets are analyzed by an Intrusion Detection System (IDS), and new signatures are generated clustering those which remain unknown for the IDS. Furthermore, the framework provides a mechanism to cluster the alarms produced by the IDS producing a correlated vision of the traffic observed. Both the automatic signature generation and the alarm clusters are accomplished using data mining techniques.

[pdf]

Reference:

A data mining approach for analysis of worm activity through automatic signature generation. Urko Zurutuza, Roberto Uribeetxeberria, and Diego Zamboni. In Proceedings of the First ACM workshop on AISec. Fairfax, VA, USA. October 2008.

bibtex:

@inproceedings{zur08b,
author = {Urko Zurutuza and Roberto Uribeetxeberria and Diego Zamboni},
title = {A data mining approach for analysis of worm activity through automatic signature generation},
booktitle = {AISec '08: Proceedings of the 1st ACM workshop on Workshop on AISec},
year = {2008},
isbn = {978-1-60558-291-7},
pages = {61--70},
location = {Alexandria, Virginia, USA},
doi = {http://doi.acm.org/10.1145/1456377.1456394},
publisher = {ACM},
address = {New York, NY, USA},
key = {zur08b}
}