Identifying Attack Propagation Patterns in Honeypots Using Markov Chains Modeling and Complex Networks Analysis

Ariel Bar, Bracha Shapira, Lior Rokach, Moshe Unger

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

Honey pots are computer resources that are used to detect and deflect network attacks on a protected system. The data collected from honey pots can be utilized to better understand cyber-attacks and provide insights for improving security measures, such as intrusion detection systems. In recent years, attackers' sophistication has increased significantly, thus additional and more advanced analytical models are required. In this paper we suggest several unique methods for detecting attack propagation patterns using Markov Chains modeling and complex networks analysis. These methods can be applied on attack datasets collected from honey pots. The results of these models shed light on different attack profiles and interaction patterns between the deployed sensors in the honey pot system. We evaluate the suggested methods on a massive data set which includes over 167 million observed attacks on a globally distributed honey pot system. Analyzing the results reveals interesting patterns regarding attack correlations between the honey pots. We identify central honey pots which enable the propagation of attacks, and present how attack profiles may vary according to the attacking country. These patterns can be used to better understand existing or evolving attacks, and may aid security experts to better deploy honey pots in their system.

Original languageEnglish
Title of host publicationProceedings - 2016 IEEE International Conference on Software Science, Technology and Engineering, SwSTE 2016
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages28-36
Number of pages9
ISBN (Electronic)9781509010189
DOIs
StatePublished - 18 Jul 2016
Externally publishedYes
Event2016 IEEE International Conference on Software Science, Technology and Engineering, SwSTE 2016 - Beer Sheva, Israel
Duration: 23 Jun 201624 Jun 2016

Publication series

NameProceedings - 2016 IEEE International Conference on Software Science, Technology and Engineering, SwSTE 2016

Conference

Conference2016 IEEE International Conference on Software Science, Technology and Engineering, SwSTE 2016
Country/TerritoryIsrael
CityBeer Sheva
Period23/06/1624/06/16

Keywords

  • Attack Propagation
  • Complex Networks Analysis
  • Cyber Security
  • Honeypots
  • Markov Chains

Fingerprint

Dive into the research topics of 'Identifying Attack Propagation Patterns in Honeypots Using Markov Chains Modeling and Complex Networks Analysis'. Together they form a unique fingerprint.

Cite this