Characterizing Attackers and Attacks: An Empirical Study

This paper describes an empirical research study to characterize attackers and attacks against targets of opportunity. A honey net infrastructure was built and deployed over 167 days that leveraged three different honey pot configurations and a SSH-based authentication proxy to attract and follow at...

Full description

Saved in:
Bibliographic Details
Main Authors: Salles-Loustau, G., Berthier, R., Collange, E., Sobesto, B., Cukier, M.
Format: Conference Proceeding
Language:English
Subjects:
Attack Analysis
Attacker Behavior
Containers
Delay
Empirical Research Study
Force
Honeypots
IP networks
Logic gates
Software
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:This paper describes an empirical research study to characterize attackers and attacks against targets of opportunity. A honey net infrastructure was built and deployed over 167 days that leveraged three different honey pot configurations and a SSH-based authentication proxy to attract and follow attackers over several weeks. A total of 211 attack sessions were recorded and evidence was collected at each stage of the attack sequence: from discovery to intrusion and exploitation of rogue software. This study makes two important contributions: 1) we introduce a new approach to measure attacker skills, and 2) we leverage keystroke profile analysis to differentiate attackers beyond their IP address of origin.
DOI:10.1109/PRDC.2011.29