Title: Extracting IDS Rules from Honeypot Data: A Decision Tree Approach

Year of Publication: Dec - 2014
Page Numbers: 97-109
Authors: Pedro Henrique Matheus, Leandro Nunes de Castro
Conference Name: The International Conference in Information Security and Digital Forensics (ISDF2014) - Greece


This work uses data collected by honeypots to create rules and signatures for intrusion detection systems. The rules are extracted from decision trees constructed from the data of a real honeypot installed on an internet connection without any filtering. The experimental results show that rules for an intrusion detection system can be extracted using data mining techniques, in particular the decision tree algorithm. The proposed technique lets the analyst summarize the data into a tree in which he/she can identify problems and extract rules that help reduce or even mitigate the security problems pointed out by the honeypot.
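The following is an added example of the rule-extraction idea the abstract describes; it is not the paper's code. It builds an ID3-style decision tree over a small set of constructed honeypot connection summaries (the records, field names `proto`, `dst_port`, `pkts` and the labels `attack`/`benign` are all assumptions), then turns every root-to-leaf path into a conjunctive rule with its support and confidence. A `min_support` filter is included because single-record leaves are exactly the rules an analyst should prune before deploying them to an IDS.

```python
"""Added example: decision-tree rule extraction over constructed honeypot data."""
import math
from collections import Counter

# Constructed sample of honeypot connection summaries (not real captures).
# Every field is categorical; "pkts" is a bucketed packet count per flow.
RECORDS = [
    {"proto": "tcp", "dst_port": "22",   "pkts": "many", "label": "attack"},
    {"proto": "tcp", "dst_port": "22",   "pkts": "many", "label": "attack"},
    {"proto": "tcp", "dst_port": "22",   "pkts": "few",  "label": "benign"},
    {"proto": "tcp", "dst_port": "445",  "pkts": "few",  "label": "attack"},
    {"proto": "tcp", "dst_port": "445",  "pkts": "many", "label": "attack"},
    {"proto": "tcp", "dst_port": "80",   "pkts": "few",  "label": "benign"},
    {"proto": "tcp", "dst_port": "80",   "pkts": "many", "label": "benign"},
    {"proto": "udp", "dst_port": "53",   "pkts": "few",  "label": "benign"},
    {"proto": "udp", "dst_port": "1434", "pkts": "few",  "label": "attack"},
    {"proto": "udp", "dst_port": "53",   "pkts": "many", "label": "benign"},
]
FEATURES = ["proto", "dst_port", "pkts"]  # assumed attribute names


def entropy(rows):
    """Shannon entropy of the label distribution in `rows`."""
    counts = Counter(r["label"] for r in rows)
    n = len(rows)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def info_gain(rows, feature):
    """Entropy reduction obtained by splitting `rows` on `feature`."""
    gain = entropy(rows)
    n = len(rows)
    for value in {r[feature] for r in rows}:
        subset = [r for r in rows if r[feature] == value]
        gain -= len(subset) / n * entropy(subset)
    return gain


def build_tree(rows, features):
    """ID3-style tree: either a leaf tuple (label, support, confidence)
    or a single-key dict {feature: {value: subtree}}."""
    counts = Counter(r["label"] for r in rows)
    label, support = counts.most_common(1)[0]
    # Stop on a pure node, when no attributes remain, or when no split helps.
    if len(counts) == 1 or not features:
        return (label, support, support / len(rows))
    best = max(features, key=lambda f: info_gain(rows, f))
    if info_gain(rows, best) == 0:
        return (label, support, support / len(rows))
    remaining = [f for f in features if f != best]
    branches = {}
    for value in sorted({r[best] for r in rows}):  # sorted for determinism
        subset = [r for r in rows if r[best] == value]
        branches[value] = build_tree(subset, remaining)
    return {best: branches}


def extract_rules(tree, path=()):
    """Each root-to-leaf path becomes one rule:
    (conditions, label, support, confidence)."""
    if isinstance(tree, tuple):
        label, support, conf = tree
        return [(path, label, support, conf)]
    (feature, branches), = tree.items()
    rules = []
    for value, subtree in branches.items():
        rules.extend(extract_rules(subtree, path + ((feature, value),)))
    return rules


def attack_rules(records=RECORDS, min_support=1):
    """Rules whose leaf predicts 'attack' and that cover at least
    `min_support` honeypot records; these are the IDS candidates."""
    tree = build_tree(records, FEATURES)
    return [r for r in extract_rules(tree)
            if r[1] == "attack" and r[2] >= min_support]


def format_rule(rule):
    conds, label, support, conf = rule
    where = " AND ".join(f"{f}={v}" for f, v in conds)
    return f"IF {where} THEN {label} (support={support}, confidence={conf:.2f})"


if __name__ == "__main__":
    for rule in attack_rules(min_support=2):
        print(format_rule(rule))
```

On this sample the root split is on `dst_port`, and the port-22 branch is refined by `pkts`, so the surviving rules read like signatures an analyst could translate into the target IDS's own syntax (a rule on `proto` and `dst_port` maps to a header match; a condition on packet volume needs a threshold or rate feature of that IDS). The support and confidence figures on each rule are the information the analyst uses to decide which of the honeypot's problems are worth a production rule.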