The WOMBAT attack attribution method: Some results

Marc Dacier, Van Hau Pham, Olivier Thonnard

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

17 Citations (Scopus)

Abstract

In this paper, we present a new attack attribution method that has been developed within the WOMBAT project. We illustrate the method with some real-world results obtained when applying it to almost two years of attack traces collected by low interaction honeypots. This analytical method aims at identifying large scale attack phenomena composed of IP sources that are linked to the same root cause. All malicious sources involved in a same phenomenon constitute what we call a Misbehaving Cloud (MC). The paper offers an overview of the various steps the method goes through to identify these clouds, providing pointers to external references for more detailed information. Four instances of misbehaving clouds are then described in some more depth to demonstrate the meaningfulness of the concept.

Original language: English
Title of host publication: Information Systems Security - 5th International Conference, ICISS 2009, Proceedings
Pages: 19-37
Number of pages: 19
Publication status: Published - 14 Dec 2009
Event: 5th International Conference on Information Systems Security, ICISS 2009 - Kolkata, India
Duration: 14 Dec 2009 to 18 Dec 2009

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 5905 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 5th International Conference on Information Systems Security, ICISS 2009
Country: India
City: Kolkata
Period: 14/12/09 to 18/12/09

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science (all)

Cite this

Dacier, M., Pham, V. H., & Thonnard, O. (2009). The WOMBAT attack attribution method: Some results. In Information Systems Security - 5th International Conference, ICISS 2009, Proceedings (pp. 19-37). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 5905 LNCS). https://doi.org/10.1007/978-3-642-10772-6_3