Time signatures to detect multi-headed stealthy attack tools

Pouget, Fabien;Urvoy-Keller, Guillaume;Dacier, Marc
18th Annual FIRST Conference, June 25-30, 2006, Baltimore, USA

In this paper, we present a method to detect the existence of sophisticated attack tools in the Internet that combine, in a misleading way, several exploits. These tools apply various attack strategies, resulting in several different attack fingerprints. A few of these sophisticated tools have already been identified, e.g. Welchia. However, devising a method to automatically detect them is very challenging since their different fingerprints are apparently unrelated. We propose a technique to automatically detect their existence through their time signatures. We demonstrate the value of the technique on a large set of real-world attack traces and discover a handful of those new sophisticated tools.


Type:
Conference
City:
Baltimore
Date:
2006-06-25
Department:
Digital Security
Eurecom Ref:
1888
Copyright:
© First. Personal use of this material is permitted. The definitive version of this paper was published in 18th Annual FIRST Conference, June 25-30, 2006, Baltimore, USA and is available at :

PERMALINK : https://www.eurecom.fr/publication/1888