Set-up and deployment of a high-interaction honeypot: experiment and lessons learnedReportar como inadecuado




Set-up and deployment of a high-interaction honeypot: experiment and lessons learned - Descarga este documento en PDF. Documentación en PDF para descargar gratis. Disponible también para leer online.

1 LAAS-TSF - Équipe Tolérance aux fautes et Sûreté de Fonctionnement informatique LAAS - Laboratoire d-analyse et d-architecture des systèmes Toulouse 2 LAAS - Laboratoire d-analyse et d-architecture des systèmes Toulouse

Abstract : This paper presents the lessons learned from an empirical analysis of attackers behaviours based on the deployment on the Internet of a high-interaction honeypot for more than one year. We focus in particular on the attacks performed via the SSH service and the activities performed by the attackers once they gain access to the system and try to progress in their intrusion. The first part of the paper describes: i the global architecture of the honeypot and the mechanisms used to capture the implementation details so that we can observe attackers behaviours and ii the details of the experiment itself duration, data captured, overview of the attackers activity. The second part presents the results of the observation of the attackers. It includes: i the description of the global attack process, constituted of two main steps, dictionary attacks and intrusions and ii the detailed analysis of these two main steps.

Keywords : Security threats experimental analysis honeypot dictionary attack intrusion





Autor: Vincent Nicomette - Mohamed Kaâniche - Eric Alata - Matthieu Herrb -

Fuente: https://hal.archives-ouvertes.fr/



DESCARGAR PDF




Documentos relacionados