Empirical analysis and statistical modeling of attack processes based on honeypots
Mohamed Kaaniche (LAAS), Y. Deswarte (LAAS), Eric Alata (LAAS), Marc Dacier (SC), Vincent Nicomette (LAAS)

TL;DR
This paper analyzes attack data from honeypots to understand attacker strategies and proposes initial modeling approaches to characterize attack processes based on empirical data.
Contribution
It provides empirical analysis of honeypot-collected attack data and introduces preliminary statistical modeling methods for attack process characterization.
Findings
Attack patterns identified from honeypot data
Preliminary models suggest common attack process structures
Data supports understanding attacker behavior strategies
Abstract
Honeypots are more and more used to collect data on malicious activities on the Internet and to better understand the strategies and techniques used by attackers to compromise target systems. Analysis and modeling methodologies are needed to support the characterization of attack processes based on the data collected from the honeypots. This paper presents some empirical analyses based on the data collected from the Leurré.com honeypot platforms deployed on the Internet and presents some preliminary modeling studies aimed at fulfilling such objectives.
Taxonomy
Topics: Network Security and Intrusion Detection · Advanced Malware Detection Techniques · Internet Traffic Analysis and Secure E-voting
