Skip to Main content Skip to Navigation

Observation, caractérisation et modélisation de processus d'attaques sur Internet

Eric Alata 1
1 LAAS-TSF - Équipe Tolérance aux fautes et Sûreté de Fonctionnement informatique
LAAS - Laboratoire d'analyse et d'architecture des systèmes
Abstract : Observation, characterization and modeling of attack pro- cesses on the Internet The development of appropriate methods to observe and characterize attacks on the Internet is important to improve our knowledge about these threats and the behavior of the attackers. In particular, information obtained from such analyses are useful to establish realistic assumptions and to implement protection mechanisms to cope with these threats. The work presented in this thesis falls within this context using honeypots as a means to collect data characterizing the malicious activities on the Internet. A honeypot is a computer system that is deliberately vulnerable and is aimed at attracting the attackers to study their behavior. Our work and contributions cover two main objectives. The first one concerns the development of a methodology and stochastic models to characterize the distribution of the time intervals between attacks, the propagation of attacks and the correlations between the attack processes observed on several honeypot environments, using data collected from low interaction honeypots deployed in the context of the Leurré.com project. The second part of our work focuses on the development and deployment of a high interaction honeypot to explore the progression of an attack within a system, considering as an example attacks against the ssh service. The analysis of data collected allowed us to observe different stages of an intrusion and to demonstrate the relevance of our approach.
Complete list of metadata

Cited literature [81 references]  Display  Hide  Download
Contributor : Arlette Evrard <>
Submitted on : Friday, May 16, 2008 - 2:05:43 PM
Last modification on : Thursday, June 10, 2021 - 3:05:45 AM
Long-term archiving on: : Friday, May 28, 2010 - 5:46:15 PM


  • HAL Id : tel-00280126, version 1


Eric Alata. Observation, caractérisation et modélisation de processus d'attaques sur Internet. Réseaux et télécommunications [cs.NI]. INSA de Toulouse, 2007. Français. ⟨tel-00280126⟩



Record views


Files downloads