Journal
2016 IEEE INTERNATIONAL CONFERENCE ON SOFTWARE SCIENCE, TECHNOLOGY AND ENGINEERING (SWSTE 2016)
Volume -, Issue -, Pages 28-36Publisher
IEEE
DOI: 10.1109/SWSTE.2016.13
Keywords
Cyber Security; Honeypots; Attack Propagation; Markov Chains; Complex Networks Analysis
Ask authors/readers for more resources
Honeypots are computer resources that are used to detect and deflect network attacks on a protected system. The data collected from honeypots can be utilized to better understand cyber-attacks and provide insights for improving security measures, such as intrusion detection systems. In recent years, attackers' sophistication has increased significantly, thus additional and more advanced analytical models are required. In this paper we suggest several unique methods for detecting attack propagation patterns using Markov Chains modeling and complex networks analysis. These methods can be applied on attack datasets collected from honeypots. The results of these models shed light on different attack profiles and interaction patterns between the deployed sensors in the honeypot system. We evaluate the suggested methods on a massive data set which includes over 167 million observed attacks on a globally distributed honeypot system. Analyzing the results reveals interesting patterns regarding attack correlations between the honeypots. We identify central honeypots which enable the propagation of attacks, and present how attack profiles may vary according to the attacking country. These patterns can be used to better understand existing or evolving attacks, and may aid security experts to better deploy honeypots in their system.
Authors
I am an author on this paper
Click your name to claim this paper and add it to your profile.
Reviews
Recommended
No Data Available