TY - CONF T1 - Characterizing Attackers and Attacks: An Empirical Study Y1 - 2011 A1 - Salles-Loustau,G. A1 - Berthier,R. A1 - Collange,E. A1 - Sobesto,B. A1 - Michel Cukier KW - attack sessions KW - attacker characterization KW - attacker skill measurement KW - honey net infrastructure KW - honey pot configurations KW - IP address KW - keystroke profile analysis KW - opportunity target KW - rogue software exploitation KW - security of data KW - SSH-based authentication proxy AB - This paper describes an empirical research study to characterize attackers and attacks against targets of opportunity. A honey net infrastructure was built and deployed over 167 days that leveraged three different honey pot configurations and a SSH-based authentication proxy to attract and follow attackers over several weeks. A total of 211 attack sessions were recorded and evidence was collected at each stage of the attack sequence: from discovery to intrusion and exploitation of rogue software. This study makes two important contributions: 1) we introduce a new approach to measure attacker skills, and 2) we leverage keystroke profile analysis to differentiate attackers beyond their IP address of origin. M3 - 10.1109/PRDC.2011.29 ER -