Collection and Analysis of attack data based on Honeypots deployed on the Internet

E. Alata, Marc Dacier, Y. Deswarte, M. Kaaâniche, K. Kortchinsky, V. Nicomette, V. H. Pham, F. Pouget

Research output: Chapter in Book/Report/Conference proceeding › Chapter

5 Citations (Scopus)

Abstract

The CADHo project (Collection and Analysis of Data from Honeypots) is an ongoing research action funded by the French ACI "Sécurité & Informatique" [1]. It aims at building an environment to better understand threats on the Internet and also at providing models to analyze the observed phenomena. Our approach consists in deploying and sharing with the scientific community a distributed platform based on honeypots that gathers data suitable to analyze the attack processes targeting machines connected to the Internet. This distributed platform, called Leurré.com and administrated by Institut Eurecom, offers each partner collaborating in this initiative access to all collected data in order to carry out statistical analyses and modeling activities. So far, about thirty honeypots have been operational for several months in twenty countries of the five continents. This paper presents a brief overview of this distributed platform and examples of results derived from the data. It also outlines the approach investigated to model observed attack processes and to describe the intruders' behaviors once they manage to get access to a target machine.

Original language: English
Title of host publication: Advances in Information Security
Pages: 79-91
Number of pages: 13
Volume: 23
Publication status: Published - 2006
Externally published: Yes

Publication series

Name: Advances in Information Security
Volume: 23
ISSN (Print): 15682633

Fingerprint

Internet

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Information Systems

Cite this

Alata, E., Dacier, M., Deswarte, Y., Kaaâniche, M., Kortchinsky, K., Nicomette, V., ... Pouget, F. (2006). Collection and Analysis of attack data based on Honeypots deployed on the Internet. In Advances in Information Security (Vol. 23, pp. 79-91). (Advances in Information Security; Vol. 23).

@inbook{47f7e6e1b2624823ada909b7f466a854,
title = "Collection and Analysis of attack data based on Honeypots deployed on the Internet",
abstract = "The CADHo project (Collection and Analysis of Data from Honeypots) is an ongoing research action funded by the French ACI {"}S{\'e}curit{\'e} \& Informatique{"} [1]. It aims at building an environment to better understand threats on the Internet and also at providing models to analyze the observed phenomena. Our approach consists in deploying and sharing with the scientific community a distributed platform based on honeypots that gathers data suitable to analyze the attack processes targeting machines connected to the Internet. This distributed platform, called Leurr{\'e}.com and administrated by Institut Eurecom, offers each partner collaborating in this initiative access to all collected data in order to carry out statistical analyses and modeling activities. So far, about thirty honeypots have been operational for several months in twenty countries of the five continents. This paper presents a brief overview of this distributed platform and examples of results derived from the data. It also outlines the approach investigated to model observed attack processes and to describe the intruders' behaviors once they manage to get access to a target machine.",
author = "E. Alata and Marc Dacier and Y. Deswarte and M. Kaa{\^a}niche and K. Kortchinsky and V. Nicomette and Pham, {V. H.} and F. Pouget",
year = "2006",
language = "English",
isbn = "9780387290164",
volume = "23",
series = "Advances in Information Security",
pages = "79--91",
booktitle = "Advances in Information Security",

}

TY - CHAP

T1 - Collection and Analysis of attack data based on Honeypots deployed on the Internet

AU - Alata, E.

AU - Dacier, Marc

AU - Deswarte, Y.

AU - Kaaâniche, M.

AU - Kortchinsky, K.

AU - Nicomette, V.

AU - Pham, V. H.

AU - Pouget, F.

PY - 2006

Y1 - 2006

N2 - The CADHo project (Collection and Analysis of Data from Honeypots) is an ongoing research action funded by the French ACI "Sécurité & Informatique" [1]. It aims at building an environment to better understand threats on the Internet and also at providing models to analyze the observed phenomena. Our approach consists in deploying and sharing with the scientific community a distributed platform based on honeypots that gathers data suitable to analyze the attack processes targeting machines connected to the Internet. This distributed platform, called Leurré.com and administrated by Institut Eurecom, offers each partner collaborating in this initiative access to all collected data in order to carry out statistical analyses and modeling activities. So far, about thirty honeypots have been operational for several months in twenty countries of the five continents. This paper presents a brief overview of this distributed platform and examples of results derived from the data. It also outlines the approach investigated to model observed attack processes and to describe the intruders' behaviors once they manage to get access to a target machine.

UR - http://www.scopus.com/inward/record.url?scp=77958132042&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=77958132042&partnerID=8YFLogxK

M3 - Chapter

AN - SCOPUS:77958132042

SN - 9780387290164

VL - 23

T3 - Advances in Information Security

SP - 79

EP - 91

BT - Advances in Information Security

ER -