TY - GEN
T1 - Identifying Attack Propagation Patterns in Honeypots Using Markov Chains Modeling and Complex Networks Analysis
AU - Bar, Ariel
AU - Shapira, Bracha
AU - Rokach, Lior
AU - Unger, Moshe
N1 - Publisher Copyright:
© 2016 IEEE.
PY - 2016/7/18
Y1 - 2016/7/18
N2 - Honey pots are computer resources that are used to detect and deflect network attacks on a protected system. The data collected from honey pots can be utilized to better understand cyber-attacks and provide insights for improving security measures, such as intrusion detection systems. In recent years, attackers' sophistication has increased significantly, thus additional and more advanced analytical models are required. In this paper we suggest several unique methods for detecting attack propagation patterns using Markov Chains modeling and complex networks analysis. These methods can be applied on attack datasets collected from honey pots. The results of these models shed light on different attack profiles and interaction patterns between the deployed sensors in the honey pot system. We evaluate the suggested methods on a massive data set which includes over 167 million observed attacks on a globally distributed honey pot system. Analyzing the results reveals interesting patterns regarding attack correlations between the honey pots. We identify central honey pots which enable the propagation of attacks, and present how attack profiles may vary according to the attacking country. These patterns can be used to better understand existing or evolving attacks, and may aid security experts to better deploy honey pots in their system.
KW - Attack Propagation
KW - Complex Networks Analysis
KW - Cyber Security
KW - Honeypots
KW - Markov Chains
UR - http://www.scopus.com/inward/record.url?scp=84981294999&partnerID=8YFLogxK
U2 - 10.1109/SWSTE.2016.13
DO - 10.1109/SWSTE.2016.13
M3 - Conference contribution
AN - SCOPUS:84981294999
T3 - Proceedings - 2016 IEEE International Conference on Software Science, Technology and Engineering, SwSTE 2016
SP - 28
EP - 36
BT - Proceedings - 2016 IEEE International Conference on Software Science, Technology and Engineering, SwSTE 2016
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2016 IEEE International Conference on Software Science, Technology and Engineering, SwSTE 2016
Y2 - 23 June 2016 through 24 June 2016
ER -