Abstract: Internet security is the major part of current network scenario, there are several types of security threats threatens the internet transactions. Even though there are several techniques and approaches are proposed, still some new issues grow tremendously every day. Recently honeypot systems are deployed to trap and trace internet attacks. But the main drawback in it is it accumulates huge size of traced data. The huge data size is very difficult to handle by the network controller. So, effective pruning and summarization of intruder activity is necessary. The proposed system FEM (Fast Episode Mining) blends a new episode mining, pruning, summarizing and allows a network controller to spot malicious activities. So it reduces the time and energy on tackling those huge data’s. The new and enhanced attack episode is composed of a series of proceedings. Through these set of events, the intrusion will be detected. This paper focuses on discovering attack episodes for the Common Internet File System (CIFS) / Server Message Block (SMB), which is an application layer protocol. The proposed system is designed to effectively locate the suspicious events and proceedings that are very likely a new one, from an immense amount of logged data. The proposed system is based on the SMB with intrusion detection and response, so this is named as SSMB (Secure Server Message Block). In addition the proposed system performs the intrusion response for the specified type of attack. The detected attack will be responded according to the response dataset from the intrusion response tree.
Keywords: Malicious attack, Honey pot, Intrusion Detection System, Episode Mining, Pruning.