Research Article
A Hybrid Alarm Association Method Based on AP Clustering and Causality
Table 2
Types of honeypot data attacks.
| | Attack type | Quantity |
| | Portmap-request-mountd | 111 | | Web-cgi | 10 | | Ping zeros | 51 | | SYN FIN scan | 47 | | DNS-version-query | 116 | | DNS-zone-transfer | 3989 | | Large-icmp | 286 | | Ping Microsoft Windows | 14 | | RPC-rpcinfo-query | 24 | | Spp_portscan | 838 | | SourcePortTraffic-53-tcp | 26 | | Ping Nmap 2.36BETA | 459 | | Socks-probe | 2627 | | Telnet-login-incorrect | 397 | | PING-ICMP time exceeded | 12 | | IDS118-MISC-traceroute ICMP | 2360 | | PING-ICMP destination unreachable | 709 | | IDS212–MISC | 1487 | | NAMED Iquery probe | 146 | | RPC-portmap-request-status | 67 | | MISC-Source Port Traffic 53 TCP | 60 | | SMTP-expn-root | 786 | | Portmap-request-mountd | 111 |
|
|
