@conference {18667, title = {Characterizing Attackers and Attacks: An Empirical Study}, year = {2011}, month = {2011/12//}, pages = {174 - 183}, abstract = {This paper describes an empirical research study to characterize attackers and attacks against targets of opportunity. A honey net infrastructure was built and deployed over 167 days that leveraged three different honey pot configurations and a SSH-based authentication proxy to attract and follow attackers over several weeks. A total of 211 attack sessions were recorded and evidence was collected at each stage of the attack sequence: from discovery to intrusion and exploitation of rogue software. This study makes two important contributions: 1) we introduce a new approach to measure attacker skills, and 2) we leverage keystroke profile analysis to differentiate attackers beyond their IP address of origin.}, keywords = {attack sessions, attacker characterization, attacker skill measurement, honey net infrastructure, honey pot configurations, IP address, keystroke profile analysis, opportunity target, rogue software exploitation, security of data, SSH-based authentication proxy}, doi = {10.1109/PRDC.2011.29}, author = {Salles-Loustau,G. and Berthier,R. and Collange,E. and Sobesto,B. and Michel Cukier} }