Theses

"Système distribué de capteurs pots de miel: discrimination et analyse corrélative des processus d'attaques" (Distributed system of honeypot sensors: discrimination and correlative analysis of attack processes)

Abstract: Security systems cannot be designed efficiently without both a good preliminary understanding of the malicious activities that occur in the wild and a good comprehension of attack processes. Unfortunately, this knowledge is either unavailable or remains anecdotal and often biased. The primary goal of this thesis is to make progress on understanding the malicious activities that occur and to provide a methodology that helps to acquire this knowledge. The first step is to obtain a valuable dataset. To address this problem, we have deployed a worldwide distributed network of sensors, also called honeypots. Honeypots are machines that are not publicly advertised. Over several months they have captured a huge amount of suspicious data. In the scope of this thesis, we propose a framework, called HoRaSis (for Honeypot Traffic Analysis), which aims at automatically extracting meaningful information from this remarkable dataset. It consists of two major stages: i) the discrimination and ii) the correlative analysis of the collected traffic. More precisely, we first discriminate the collected activities according to the fingerprints they leave on each sensor. This stage must also account for the potential disturbances introduced by the network. The proposed solution relies on dedicated clustering and classification techniques. We then identify all previous fingerprints that share strong common characteristics. This task is performed with a graph-theory approach, in particular the search for maximal weighted cliques within graphs. Different characteristics based on our preliminary experiments have been considered. Several cases exemplify the value of combining these two stages. Thanks to the proposed HoRaSis framework, we prove that a rigorous and methodical analysis of honeypot traffic clearly helps to get a better understanding of malicious activities.
Document type: Theses


https://pastel.archives-ouvertes.fr/pastel-00001751
Contributor: Ecole Télécom Paristech
Submitted on: Tuesday, November 16, 2010 - 5:04:13 PM
Last modification on: Friday, July 31, 2020 - 10:44:05 AM
Long-term archiving on: Thursday, December 1, 2016 - 11:55:05 AM

Identifiers

  • HAL Id: pastel-00001751, version 1

Citation

Fabien Pouget. "Système distribué de capteurs pots de miel: discrimination et analyse corrélative des processus d'attaques". domain_other. Télécom ParisTech, 2006. Français. ⟨pastel-00001751⟩

Metrics

  • Record views: 555
  • Files downloads: 796