Skip to main content
Book cover

Quality of Protection pp 79–91Cite as

Collection and analysis of attack data based on honeypots deployed on the Internet

  • Conference paper

Part of the Advances in Information Security book series (ADIS,volume 23)

Abstract

The CADHo project (Collection and Analysis of Data from Honeypots) is an ongoing research action funded by the French ACI “Securiteé & Informatique” [1]. It aims at building an environment to better understand threats on the Internet and also at providing models to analyze the observed phenomena. Our approach consists in deploying and sharing with the scientific community a distributed platform based on honeypots that gathers data suitable to analyze the attack processes targeting machines connected to the Internet. This distributed platform, called Leurreé.com and administrated by Institut Eurecom, offers each partner collaborating to this initiative access to all collected data in order to carry out statistical analyzes and modeling activities. So far, about thirty honeypots have been operational for several months in twenty countries of the five continents. This paper presents a brief overview of this distributed platform and examples of results derived from the data. It also outlines the approach investigated to model observed attack processes and to describe the intruders behaviors once they manage to get access to a target machine.

Keywords

  • Attack Data
  • Attack Activity
  • Attack Scenario
  • Attack Process
  • Malicious Activity

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

This is a preview of subscription content, access via your institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • DOI: 10.1007/978-0-387-36584-8_7
  • Chapter length: 13 pages
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
eBook
USD   219.00
Price excludes VAT (USA)
  • ISBN: 978-0-387-36584-8
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
Softcover Book
USD   299.00
Price excludes VAT (USA)
Hardcover Book
USD   279.99
Price excludes VAT (USA)
Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. M. Bailey, E. Cooke, F. Jahanian, J. Nazario, and D. Watson, “The Internet Motion Sensor: A Distributed Blackhole Monitoring System”, Proc. 12th Annual Network and Distributed System Security Symposium (NDSS), San Diego, CA, Feb. 2005.

    Google Scholar 

  2. L. Spitzner, Honeypots: Tracking Hackers, Addison-Wesley, ISBN from-321-10895-7, 2002

    Google Scholar 

  3. F. Pouget, Publications web page, http://www.eurecom.fr/ pougefpapers.htm

  4. M. Dacier, F. Pouget, H. Debar, “Honeypots: Practical Means to Validate Malicious Fault Assumptions on the Internet”, Proc. 10th IEEE International Symposium Pacific Rim Dependable Computing (PRDC10), Tahiti, March 2004, pages 383–388.

    Google Scholar 

  5. M. Dacier, F. Pouget, H. Debar, “Attack Processes found on the Internet”, Proc. OTAN Symposium on Adaptive Defense in Unclassified Networks, Toulouse, France, April 2004.

    Google Scholar 

  6. F. Pouget, M. Dacier, “Honeypot-based Forensics”, Proc. AusCERT Asia Pacific Information Technology Security Conference (AusCERT2004), Brisbane (Australia), May 2004.

    Google Scholar 

  7. F. Pouget, M. Dacier, V. H. Pham, “Towards a Better Understanding of Internet Threats to Enhance Survivability”, Proc. International Infrastructure Survivability Workshop (IISW04), Lisbon (Portugal), December 2004.

    Google Scholar 

  8. F. Pouget, T. Holz, “A Pointillist Approach for Comparing Honeypots”, Proc. Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA 2005), Vienna (Austria), July 2005.

    Google Scholar 

  9. F. Pouget, M. Dacier, V. H. Pham, “Leurreé.com: On the Advantages of Deploying a Large Scale Distributed Honeypot Platform”, Proc. E-Crime and Computer Evidence Conference (ECCE 2005), Monaco, Mars 2005.

    Google Scholar 

  10. K. Kanoun, M. Kaaâniche, J-C. Laprie, “Qualitative and Quantitative Reliability Assessment”, IEEE Software, Vol. 14, n2, pages 74–86, 1997.

    CrossRef  Google Scholar 

  11. M. Dacier, Y. Deswarte, M. Kaaâniche, “Models and tools for quantitative assessment of operational security”, Proc. 12th International Information Security Conference (IFIP SEC'96),Samos (Greece), May 1996, pages 177–186

    Google Scholar 

  12. R. Ortalo, Y. Deswarte, M. Kaaniche, “Experimenting with Quantitative Evaluation Tools for Monitoring Operational Security”, IEEE Transactions on Software Engineering, Vol.25, N5, pages 633–650, September/October 1999.

    CrossRef  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. LAAS-CNRS, 7 Avenue du Colonel Roche, 31077, Toulouse Cedex 4, France

    E. Alata, Y. Deswarte, M. Kaaâniche & V. Nicomette

  2. Eurecom, 2229 Route des Creétes, BP 193,06904, Sophia Antipolis Cedex, France

    M. Dacier, V. H. Pham & F. Pouget

  3. CERT-RENATER, c/o ENSAM, 151 Boulevard de lHopital, 75013, Paris, France

    K. Kortchinsky

Authors
  1. E. Alata
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. M. Dacier
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Y. Deswarte
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. M. Kaaâniche
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. K. Kortchinsky
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. V. Nicomette
    View author publications

    You can also search for this author in PubMed Google Scholar

  7. V. H. Pham
    View author publications

    You can also search for this author in PubMed Google Scholar

  8. F. Pouget
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Institute Security in Distributed Applications, TU Hamburg-Harburg, Harburger Schloßstraße 20, 21079, Hamburg, Germany

    Dieter Gollmann

  2. Dipartimento Informatica e Telecomunicazioni (DIT), University of Trento, Via Sommarive, 14 38050, Trento, Italy

    Fabio Massacci & Artsiom Yautsiukhin & 

Rights and permissions

Reprints and Permissions

Copyright information

© 2006 Springer Science+Business Media, LLC.

About this paper

Cite this paper

Alata, E. et al. (2006). Collection and analysis of attack data based on honeypots deployed on the Internet. In: Gollmann, D., Massacci, F., Yautsiukhin, A. (eds) Quality of Protection. Advances in Information Security, vol 23. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-36584-8_7

Download citation

  • DOI: https://doi.org/10.1007/978-0-387-36584-8_7

  • Publisher Name: Springer, Boston, MA

  • Print ISBN: 978-0-387-29016-4

  • Online ISBN: 978-0-387-36584-8

  • eBook Packages: Computer ScienceComputer Science (R0)