Characterizing Attackers and Attacks: An Empirical Study

Title: Characterizing Attackers and Attacks: An Empirical Study
Publication Type: Conference Papers
Year of Publication: 2011
Authors: Salles-Loustau G, Berthier R, Collange E, Sobesto B, Cukier M
Date Published: 2011/12
Keywords: attack sessions, attacker characterization, attacker skill measurement, honey net infrastructure, honey pot configurations, IP address, keystroke profile analysis, opportunity target, rogue software exploitation, security of data, SSH-based authentication proxy

This paper describes an empirical research study to characterize attackers and attacks against targets of opportunity. A honey net infrastructure was built and deployed over 167 days that leveraged three different honey pot configurations and an SSH-based authentication proxy to attract and follow attackers over several weeks. A total of 211 attack sessions were recorded and evidence was collected at each stage of the attack sequence: from discovery to intrusion and exploitation of rogue software. This study makes two important contributions: 1) we introduce a new approach to measure attacker skills, and 2) we leverage keystroke profile analysis to differentiate attackers beyond their IP address of origin.