Engineering school and research center in digital science

Behind the scenes of online attacks: an analysis of exploitation behaviors on the web

Canali, Davide; Balzarotti, Davide

NDSS 2013, 20th Annual Network and Distributed System Security Symposium, February 24-27, 2013, San Diego, CA, United States

Web attacks are nowadays one of the major threats on the Internet, and several studies have analyzed them, providing details on how they are performed and how they spread. However, no study seems to have sufficiently analyzed the typical behavior of an attacker after a website has been compromised. This paper presents the design, implementation, and deployment of a network of 500 fully functional honeypot websites, hosting a range of different services, whose aim is to attract attackers and collect information on what they do during and after their attacks. In 100 days of experiments, our system automatically collected, normalized, and clustered over 85,000 files that were created during approximately 6,000 attacks. Labeling the clusters allowed us to draw a general picture of the attack landscape, identifying the behavior behind each action performed both during and after the exploitation of a web application.


Title: Behind the scenes of online attacks: an analysis of exploitation behaviors on the web
Type: Conference
Language: English
City: San Diego
Country: UNITED STATES
Date:
Department: Digital Security
Eurecom ref: 3877
Copyright: © ISOC. Personal use of this material is permitted. The definitive version of this paper was published in NDSS 2013, 20th Annual Network and Distributed System Security Symposium, February 24-27, 2013, San Diego, CA, United States and is available at :
Bibtex:
@inproceedings{EURECOM+3877,
  year = {2013},
  title = {{B}ehind the scenes of online attacks: an analysis of exploitation behaviors on the web},
  author = {{C}anali, {D}avide and {B}alzarotti, {D}avide},
  booktitle = {{NDSS} 2013, 20th {A}nnual {N}etwork and {D}istributed {S}ystem {S}ecurity {S}ymposium, {F}ebruary 24-27, 2013, {S}an {D}iego, {CA}, {U}nited {S}tates},
  address = {{S}an {D}iego, {\'{E}}{TATS}-{UNIS}},
  month = {02},
  url = {http://www.eurecom.fr/publication/3877}
}