Characterizing Attackers and Attacks: An Empirical Study
| Title | Characterizing Attackers and Attacks: An Empirical Study |
| Publication Type | Conference Papers |
| Year of Publication | 2011 |
| Authors | Salles-Loustau G, Berthier R, Collange E, Sobesto B, Cukier M |
| Date Published | 2011/12// |
| Keywords | attack sessions, attacker characterization, attacker skill measurement, honey net infrastructure, honey pot configurations, IP address, keystroke profile analysis, opportunity target, rogue software exploitation, security of data, SSH-based authentication proxy |
| Abstract | This paper describes an empirical research study to characterize attackers and attacks against targets of opportunity. A honey net infrastructure was built and deployed over 167 days that leveraged three different honey pot configurations and a SSH-based authentication proxy to attract and follow attackers over several weeks. A total of 211 attack sessions were recorded and evidence was collected at each stage of the attack sequence: from discovery to intrusion and exploitation of rogue software. This study makes two important contributions: 1) we introduce a new approach to measure attacker skills, and 2) we leverage keystroke profile analysis to differentiate attackers beyond their IP address of origin. |
| DOI | 10.1109/PRDC.2011.29 |