An outlier ensemble for unsupervised anomaly detection in honeypots data
Intelligent Data Analysis ( IF 1.7 ) Pub Date : 2020-07-15 , DOI: 10.3233/ida-194656
Lynda Boukela 1 , Gongxuan Zhang 1 , Samia Bouzefrane 2 , Junlong Zhou 1
Nowadays, computers as well as smart devices are connected through communication networks, making them more vulnerable to attacks. Honeypots are proposed as deception tools but are usually used as part of a proactive defense strategy. Hence, this article demonstrates how honeypot data can be analyzed in an active defense strategy. Furthermore, anomaly detection based on unsupervised machine learning techniques makes it possible to build autonomous systems and to detect unknown anomalies without prior knowledge. However, the unsupervised techniques applied to honeypot data analysis do not exploit the advantages of these tools' data, particularly the high probability that they include a large number of previously unseen anomalies with unexpected and diverse patterns. Therefore, the present work aims to improve unsupervised anomaly detection in honeypot data by varying the data feature subset and the parameterization of the anomaly detection algorithm. To this end, an outlier ensemble with LOF (Local Outlier Factor) as the base algorithm is proposed. The ensemble outperforms existing solutions in the experiments, where a detection rate higher than 92% is achieved.
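As an added illustration of the idea in the abstract (this is not the authors' code and not the paper's exact method), the sketch below runs plain LOF once per (feature subset, k) pair over constructed honeypot session features and averages the member scores. The abstract does not give the feature subsets, the k values or the score-combination rule the paper uses; the four session features, K_VALUES, the min-max scaling and the mean of raw LOF values across members are all assumptions made here. The sample sessions are made up: 40 ordinary interactive sessions plus one bulk-exfiltration session and one long scripted session.

```python
import math
import random
from itertools import combinations

# Constructed honeypot session records (sample data made up for this example,
# not the paper's dataset). One row per session with features
# [duration_s, bytes_out, cmds_per_min, mean_cmd_interval_s].
_rng = random.Random(7)
SESSIONS = [[_rng.uniform(20, 60), _rng.uniform(500, 2000),
             _rng.uniform(2, 10), _rng.uniform(5, 30)] for _ in range(40)]
SESSIONS.append([45.0, 250000.0, 6.0, 12.0])   # index 40: bulk data exfiltration
SESSIONS.append([3000.0, 1500.0, 120.0, 0.5])  # index 41: long scripted session
FEATURE_NAMES = ["duration_s", "bytes_out", "cmds_per_min", "mean_cmd_interval_s"]
K_VALUES = (5, 10)   # assumed LOF neighbourhood sizes varied across the ensemble


def minmax_scale(points):
    """Scale every feature to [0, 1] so one unit (bytes) does not dominate distances."""
    d = len(points[0])
    lo = [min(p[j] for p in points) for j in range(d)]
    hi = [max(p[j] for p in points) for j in range(d)]
    return [[(p[j] - lo[j]) / (hi[j] - lo[j]) if hi[j] > lo[j] else 0.0
             for j in range(d)] for p in points]


def lof_scores(points, k):
    """Plain LOF (Breunig et al. 2000): ratio of the neighbours' local reachability
    density to the point's own. Values near 1 are inliers; values >> 1 are outliers."""
    n = len(points)
    dist = [[math.dist(points[i], points[j]) for j in range(n)] for i in range(n)]
    neigh, kdist = [], []
    for i in range(n):
        order = sorted((dist[i][j], j) for j in range(n) if j != i)
        kd = order[k - 1][0]
        kdist.append(kd)
        neigh.append([j for d, j in order if d <= kd])   # ties at the k-distance are kept
    lrd = []
    for i in range(n):
        reach = sum(max(kdist[j], dist[i][j]) for j in neigh[i])
        lrd.append(len(neigh[i]) / max(reach, 1e-12))     # guard against exact duplicates
    return [sum(lrd[j] for j in neigh[i]) / (len(neigh[i]) * lrd[i]) for i in range(n)]


def ensemble_scores(points, k_values=K_VALUES):
    """Outlier ensemble: one LOF member per (non-empty feature subset, k) pair.
    Members are combined by the mean of their LOF values; this combination rule
    is an assumption, the abstract does not state the paper's."""
    scaled = minmax_scale(points)
    d = len(points[0])
    total = [0.0] * len(points)
    members = 0
    for size in range(1, d + 1):
        for subset in combinations(range(d), size):
            view = [[p[j] for j in subset] for p in scaled]
            for k in k_values:
                for i, s in enumerate(lof_scores(view, k)):
                    total[i] += s
                members += 1
    return [t / members for t in total]


def top_anomalies(points, k_values=K_VALUES, n=2):
    """Indices of the n sessions with the highest ensemble score."""
    scores = ensemble_scores(points, k_values)
    return sorted(range(len(points)), key=lambda i: scores[i], reverse=True)[:n]


if __name__ == "__main__":
    scores = ensemble_scores(SESSIONS)
    for i in top_anomalies(SESSIONS, n=3):
        print(f"session {i:2d}  ensemble LOF {scores[i]:10.2f}  {SESSIONS[i]}")
```

Varying the feature subset is what lets each injected anomaly surface: the exfiltration session is extreme only in members that include bytes_out, the scripted session only in members that include duration_s or cmds_per_min, and no single full-feature LOF run with one k would weight both equally. In practice the member scores should be normalised (rank or z-score) before combining; the raw mean is used here only because LOF is already a density ratio on comparable scale across members.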

Updated: 2020-07-22