This paper aims at showing the usefulness of simple honeypots to obtain data that can be used to derive analytical models of the attack processes present on the Internet. Built upon an environment which has been deployed for 18 months, we provide gures and analyses that enable us to better understand how attacks are carried out in the wild. Key contributions of this paper include a critical review of geographical information provided by NetGeo, a study of the aftermath of the Deloder worm and an in-depth analysis of the interaction between the populations of compromised machines devoted to scan the Internet and the ones in charge of actually running the attacks.
Understanding threats: a prerequisite to enhance survivability of computing systems
IISW 2004, International Infrastructure Survivability Workshop 2004, in conjunction with the 25th IEEE International Real-Time Systems Symposium (RTSS 04) December 5-8, 2004, Lisbon, Portugal
© 2004 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.
PERMALINK : https://www.eurecom.fr/publication/1559