Collection and analysis of attack data based on honeypots deployed on the Internet

  • Conference paper

Part of the book series: Advances in Information Security ((ADIS,volume 23))

Abstract

The CADHo project (Collection and Analysis of Data from Honeypots) is an ongoing research action funded by the French ACI “Sécurité & Informatique” [1]. It aims at building an environment to better understand threats on the Internet and also at providing models to analyze the observed phenomena. Our approach consists in deploying and sharing with the scientific community a distributed platform based on honeypots that gathers data suitable for analyzing the attack processes targeting machines connected to the Internet. This distributed platform, called Leurré.com and administered by Institut Eurecom, offers each partner collaborating in this initiative access to all collected data in order to carry out statistical analyses and modeling activities. So far, about thirty honeypots have been operational for several months in twenty countries of the five continents. This paper presents a brief overview of this distributed platform and examples of results derived from the data. It also outlines the approach investigated to model observed attack processes and to describe the intruders' behaviors once they manage to get access to a target machine.

References

  1. M. Bailey, E. Cooke, F. Jahanian, J. Nazario, and D. Watson, “The Internet Motion Sensor: A Distributed Blackhole Monitoring System”, Proc. 12th Annual Network and Distributed System Security Symposium (NDSS), San Diego, CA, Feb. 2005.

  2. L. Spitzner, Honeypots: Tracking Hackers, Addison-Wesley, ISBN 0-321-10895-7, 2002.

  3. F. Pouget, Publications web page, http://www.eurecom.fr/ pougefpapers.htm

  4. M. Dacier, F. Pouget, H. Debar, “Honeypots: Practical Means to Validate Malicious Fault Assumptions on the Internet”, Proc. 10th IEEE International Symposium Pacific Rim Dependable Computing (PRDC10), Tahiti, March 2004, pages 383–388.

  5. M. Dacier, F. Pouget, H. Debar, “Attack Processes found on the Internet”, Proc. OTAN Symposium on Adaptive Defense in Unclassified Networks, Toulouse, France, April 2004.

  6. F. Pouget, M. Dacier, “Honeypot-based Forensics”, Proc. AusCERT Asia Pacific Information Technology Security Conference (AusCERT2004), Brisbane (Australia), May 2004.

  7. F. Pouget, M. Dacier, V. H. Pham, “Towards a Better Understanding of Internet Threats to Enhance Survivability”, Proc. International Infrastructure Survivability Workshop (IISW04), Lisbon (Portugal), December 2004.

  8. F. Pouget, T. Holz, “A Pointillist Approach for Comparing Honeypots”, Proc. Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA 2005), Vienna (Austria), July 2005.

  9. F. Pouget, M. Dacier, V. H. Pham, “Leurré.com: On the Advantages of Deploying a Large Scale Distributed Honeypot Platform”, Proc. E-Crime and Computer Evidence Conference (ECCE 2005), Monaco, March 2005.

  10. K. Kanoun, M. Kaâniche, J-C. Laprie, “Qualitative and Quantitative Reliability Assessment”, IEEE Software, Vol. 14, no. 2, pages 74–86, 1997.

  11. M. Dacier, Y. Deswarte, M. Kaâniche, “Models and tools for quantitative assessment of operational security”, Proc. 12th International Information Security Conference (IFIP SEC'96), Samos (Greece), May 1996, pages 177–186.

  12. R. Ortalo, Y. Deswarte, M. Kaâniche, “Experimenting with Quantitative Evaluation Tools for Monitoring Operational Security”, IEEE Transactions on Software Engineering, Vol. 25, no. 5, pages 633–650, September/October 1999.

© 2006 Springer Science+Business Media, LLC.

Cite this paper

Alata, E. et al. (2006). Collection and analysis of attack data based on honeypots deployed on the Internet. In: Gollmann, D., Massacci, F., Yautsiukhin, A. (eds) Quality of Protection. Advances in Information Security, vol 23. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-36584-8_7

  • DOI: https://doi.org/10.1007/978-0-387-36584-8_7

  • Publisher Name: Springer, Boston, MA

  • Print ISBN: 978-0-387-29016-4

  • Online ISBN: 978-0-387-36584-8

  • eBook Packages: Computer Science (R0)
