R. @bullet-gérard-wagener, A. State, T. Dulaunoy, and . Engel, Heliza: Talking Dirty to the Attackers, Journal in Computer Virology, 2010.

A. Wagener, R. State, A. Dulaunoy, and T. Engel, Playing with Your Enemy: A Game Theoretical Approach for High Interaction-Honeypots, ACM Journal of Transactions on Autonomous and Adaptive Systems, 2011.

C. Publications, @. Gérard-wagener, R. State, and A. Dulaunoy, Malware Behaviour Analysis, proceedings of the 2nd International Workshop on Theory of Computer Viruses, 2007.

A. @bullet-gérard-wagener, R. Dulaunoy, and . State, Automated Malware Behaviour Analysis, 2007.

A. @bullet-gérard-wagener, T. Dulaunoy, and . Engel, An Instrumented Analysis of Unknown Software and Malware Driven by Free Libre Open Source Software, proceedings of SITIS, 2008.

A. @bullet-gérard-wagener, T. Dulaunoy, and . Engel, Towards an estimation of the accuracy of TCP reassembly in network forensics, Proceedings of the Second International Conference on Future Generation Communication and Networking, pp.273-278

R. @bullet-gérard-wagener, A. State, T. Dulaunoy, and . Engel, Self Adaptive High Interaction Honeypots Driven by Game Theory, the 11th International Symposium on Stabilization, Safety, and CHAPTER 9. CONCLUSIONS AND PERSPECTIVES Security of Distributed Systems (SSS), pp.741-755, 2009.
DOI : 10.1007/978-3-642-05118-0_51

G. @bullet-cynthia-wagner, R. Wagener, T. State, and . Engel, Malware analysis with graph kernels and support vector machines, 4th International Conference on Malicious and Unwanted Software, pp.63-68, 2009.

G. @bullet-cynthia-wagner and . Wagener, Radu State, Alexandre Dulaunoy and Thomas Engel Breaking Tor Anonymity with Game Theory and Data Mining, the 4th International Conference on Network and System Security. Melbourne, 2010.

G. @bullet-cynthia-wagner and . Wagner, Radu State Alexandre Dulaunoy and Thomas Engel. PeekKernelFlows: Peeking into IP flows, the 7th International Symposium on Visualization for Cyber Security, 2010.

A. @bullet-gérard-wagener, R. Dulaunoy, T. State, and . Engel, AHA -Adaptive High-Interaction Honeypot Alternative, 2010.

R. @bullet-gérard-wagener, A. State, T. Dulaunoy, and . Engel, Adaptive and Self-Configurable Honeypots, the 12th IFIP/IEEE International Symposium on Integrated Network Management, 2011.

F. @bullet-gérard-wagener, A. Raynal, C. Dulaunoy, and . Kyvrakidis, Detecting User Mode Linux Honeypots is fine ... but it's better to crash them, 2008.

P. Abbeel, A. Coates, M. Quigley, and Y. Andrew, An application of reinforcement learning to aerobatic helicopter flight, Advances in Neural Information Processing Systems, pp.1-8, 2007.

E. Alata, I. Alberdi, V. Nicomette, P. Owezarski, and M. Kaâniche, Internet attacks monitoring with dynamic connection redirection mechanisms, Journal in Computer Virology, vol.4, issue.2, pp.127-136, 2008.
DOI : 10.1007/s11416-007-0067-8

V. Eric-alata, M. Nicomette, M. Kaâniche, M. Dacier, and . Herrb, Lessons learned from the deployment of a high-interaction honeypot, Dependable Computing Conference, pp.39-46, 2006.

K. G. Anagnostakis, S. Sidiroglou, P. Akritidis, K. Xinidis, E. Markatos et al., Detecting targeted attacks using shadow honeypots, Proceedings of the 14th conference on USENIX Security Symposium, 2005.

S. Antonatos, K. Anagnostakis, and E. Markatos, Honey@home, Proceedings of the 2007 ACM workshop on Recurring malcode, WORM '07, pp.38-45, 2007.
DOI : 10.1145/1314389.1314398

P. Baecher and M. Koetter, Dionaea catches bugs, 2011.

P. Baecher, M. Koetter, T. Holz, M. Dornseif, and F. Freiling, The Nepenthes Platform: An Efficient Approach to Collect Malware, Recent Advances in Intrusion Detection, pp.165-184, 2006.
DOI : 10.1007/11856214_9

E. Balas, Sebek: Covert Glass-box Host Analysis. ;Login Magazine, 2003.

E. Balas and C. Viecco, Towards a third generation data capture architecture for honeynets, Proceedings from the Sixth Annual IEEE Systems, Man and Cybernetics (SMC) Information Assurance Workshop, 2005., pp.21-28, 2005.
DOI : 10.1109/IAW.2005.1495929

B. Banerjee, S. Sen, and J. Peng, Fast Concurrent Reinforcement Learners, Proceedings of the Seventeenth International Joint Conference on Artificial Intelligence, pp.825-830, 2001.

D. Barlow, Building your own live CD, Linux Journal, 2005.

G. Andrew, S. Barto, and . Mahadevan, Recent Advances in Hierarchical Reinforcement Learning. Discrete Event Dynamic Systems, pp.41-77, 2003.

G. Andrew, S. Barto, and . Mahadevan, Recent Advances in Hierarchical Reinforcement Learning. Discrete Event Dynamic Systems, pp.341-379, 2003.

F. Bassino, M. Béal, and D. Perrin, Super-state automata and rational trees, Proceedings of the Third Latin American Symposium on Theoretical Informatics, LATIN '98, pp.42-52, 1998.
DOI : 10.1007/BFb0054309

URL : https://hal.archives-ouvertes.fr/hal-00619862

M. Bauer, Paranoid penguin: syslog configuration, Linux Journal, 2001.

R. Bejtlich, The Tao of Network Security Monitoring: Beyond Intrusion Detection, 2004.

F. Bellard, QEMU, a Fast and Portable Dynamic Translator, USENIX Annual Technical Conference, pp.41-46, 2005.

R. Bellman, On games involving bluffing, Rendiconti del Circolo Matematico di Palermo, pp.139-156, 1952.
DOI : 10.1007/BF02847783

M. Steven and . Bellovin, There Be Dragons, Proceedings of the Third Usenix Unix Security Symposium, pp.1-16, 1992.

K. Binmore, Playing for Real, 2007.
DOI : 10.1093/acprof:oso/9780195300574.001.0001

B. Blunden, The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System, 2009.

H. Anthony, C. , and E. Mylonakis, Google trends: a web-based tool for real-time surveillance of disease outbreaks. Clinical infectious diseases: an official publication of the Infectious Diseases Society of America, p.49, 2009.

B. E. Carpenter, Observed relationships between size measures of the internet, ACM SIGCOMM Computer Communication Review, vol.39, issue.2, pp.5-12, 2009.
DOI : 10.1145/1517480.1517482

G. Chamales, The Honeywall CD-ROM, IEEE Security & Privacy Magazine, vol.2, issue.2, pp.77-79, 2004.
DOI : 10.1109/MSECP.2004.1281253

B. Cheswick, An Evening with Berferd in Which a Cracker is Lured, Endured and Studied, Proceedings of the USENIX Conference, pp.163-174, 1992.

R. William, S. M. Cheswick, A. D. Bellovin, and . Rubin, Firewalls and Internet Security; Repelling the Wily Hacker, 2003.

E. Chien, The New Generation of Targeted Attacks

A. L. Coates, Pessimal print: a reverse Turing test, Proceedings of Sixth International Conference on Document Analysis and Recognition, pp.1154-1159, 2001.
DOI : 10.1109/ICDAR.2001.953966

F. Cohen, A note on the role of deception in information protection, Computers & Security, vol.17, issue.6, pp.483-506, 1998.
DOI : 10.1016/S0167-4048(98)80071-0

M. Collins and N. Duffy, Convolutional Kernels for Natural Language, Advances in Neural Information Processing Systems 14, 2002.

R. W. Cottle, J. Pang, and R. E. Stone, The Linear Complementary Problem, 1992.

M. F. Cowlishaw, Fundamental Requirements for picture presentation, Proceedings of the Society for picture presentation, pp.101-107, 1985.

M. Crovella and B. Krishnamurthy, Internet Measurement, chapter Issues in capturing data, pp.101-102, 2006.

M. Dacier and . Leurré, com: a worldwide distributed honeynet, lessons learned after 4 years of existence, Terena Networking Conference, 2008.

M. Dacier, C. Leita, O. Thonnard, H. Pham, and E. Kirda, Assessing Cybercrime Through the Eyes of the WOMBAT, Cyber Situational Awareness of Advances in Information Security, pp.103-136
DOI : 10.1007/978-1-4419-0140-8_6

D. Dagon, X. Qin, G. Gu, W. Lee, J. Grizzard et al., HoneyStat: Local Worm Detection Using Honeypots, Recent Advances in Intrusion Detection, pp.39-58, 2004.
DOI : 10.1007/978-3-540-30143-1_3

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

A. Das, D. Nguyen, and J. Zambreno, An FPGA-Based Network Intrusion Detection Architecture, IEEE Transactions on Information Forensics and Security, vol.3, issue.1, pp.118-132, 2008.
DOI : 10.1109/TIFS.2007.916288

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

J. Dike, User Mode Linux, 2006.

A. Dinaburg, P. Royal, M. I. Sharif, and W. Lee, Ether, Proceedings of the 15th ACM conference on Computer and communications security, CCS '08, pp.51-62, 2008.
DOI : 10.1145/1455770.1455779

K. Dooley, Designing Large Scale Lans. O'Reilly Media, 2001.

G. W. Dunlap, S. T. King, S. Cinar, M. A. Basrai, and P. M. Chen, ReVirt: Enabling Intrusion Analysis through Virtual-Machine Logging and Replay, Proceedings of the 2002 Symposium on Operating Systems Design and Implementation (OSDI), pp.211-224, 2002.

E. Thomas, D. Carrol, and . Grosu, A Game Theoretic Investigation of Deception in Network Security, Proceedings of 18th International Conference on Computer Communications and Networks, pp.1-6, 2009.

J. Erickson, Hacking: The Art of Exploitation 2nd Edition, 2008.

K. Fairbanks, Forensic framework for honeypot analysis, 2010.

A. M. Fink, Equilibrium in a Stochastic n-Person Game, Journal of science of the Hiroshima university, vol.28, pp.89-93, 1964.

B. Fitzpatrick, Distributed caching with memcached, Linux Journal, 2004.

M. Fleischer, The Measure of Pareto Optima Applications to Multi-objective Metaheuristics, Evolutionary Multi-Criterion Optimization. Second International Conference, pp.519-533, 2003.
DOI : 10.1007/3-540-36970-8_37

C. Foster and . James, Metasploit Toolkit for Penetration Testing, Exploit Development, and Vulnerability Research, 2007.

S. Frei, M. May, U. Fiedler, and B. Plattner, Large-scale vulnerability analysis, Proceedings of the 2006 SIGCOMM workshop on Large-scale attack defense , LSAD '06, pp.131-138, 2006.
DOI : 10.1145/1162666.1162671

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

D. Fudenberg and J. Tirole, Game Theory, 1991.

D. Fudenberg and J. Tirole, Perfect Bayesian equilibrium and sequential equilibrium, Journal of Economic Theory, vol.53, issue.2, pp.236-260, 1991.
DOI : 10.1016/0022-0531(91)90155-W

M. Luca, M. Gambardella, and . Dorigo, Ant-Q: A Reinforcement Learning approach to the traveling salesman problem, Proceedings of the ML-95, 12th international conference on machine learning, pp.252-260, 1995.

T. Garfinkel and M. Rosenblum, A Virtual Machine Introspection Based Architecture for Intrusion Detection, Network and Distributed Systems Security Symposium (NDSS), pp.191-206, 2003.

J. Göbel, Amun: A Python Honeypot, 2009.

N. Gonzalo, A guided tour to approximate string matching, ACM Comput. Surv, vol.33, issue.1, pp.31-88, 2001.

A. Greenwald, Matrix Games and Nash Equilibrium, 2007.

R. Grimes, Honeyd Service Scripts, pp.167-188, 2005.

C. John and . Harsanyi, Games with Incomplete Information Played by " Bayesian " Players, I-III. Part I. The Basic Model, Management Science, vol.14, issue.3, pp.159-182, 1967.

B. Hay and K. Nance, Forensics examination of volatile system data using virtual introspection, ACM SIGOPS Operating Systems Review, vol.42, issue.3, pp.74-82, 2008.
DOI : 10.1145/1368506.1368517

I. Hitoshi and K. Yasuaki, Swarm Reinforcement Learning Method Based on an Actor-Critic Method, Simulated Evolution and Learning, pp.279-288, 2010.

T. Holz and F. Raynal, Detecting honeypots and other suspicious environments, Proceedings from the Sixth Annual IEEE Systems, Man and Cybernetics (SMC) Information Assurance Workshop, 2005., 2005.
DOI : 10.1109/IAW.2005.1495930

M. Howard, J. Pincus, and J. Wing, Measuring Relative Attack Surfaces, pp.109-134, 2005.
DOI : 10.1007/0-387-24006-3_8

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

J. Hu and M. P. Wellman, Multiagent Reinforcement Learning: Theoretical Framework and an Algorithm, Proceedings of the Fifteenth International Conference on Machine Learning, pp.242-250, 1998.

J. Hu and M. P. Wellman, Nash Q-Learning for General-Sum Stochastic Games, JOURNAL OF MACHINE LEARNING RESEARCH, vol.4, pp.1039-1069, 2003.

C. Hyunyoung and V. Hal, Predicting the Present with Google Trends

O. Ismail, M. Etoh, Y. Kadobayashi, and S. Yamaguchi, A proposal and implementation of automatic detection/collection system for cross-site scripting vulnerability, 18th International Conference on Advanced Information Networking and Applications, 2004. AINA 2004., 2004.
DOI : 10.1109/AINA.2004.1283902

G. Jens, C. Nicolas, and C. John, Secure or insure?: a game-theoretic analysis of information security games, Proceeding of the 17th international conference on World Wide Web, WWW '08, pp.209-218, 2008.

C. Jim, P. Ben, G. Tal, C. Kevin, and R. Mendel, Understanding data lifetime via whole system simulation, Proceedings of the 13th conference on USENIX Security Symposium, 2004.

L. P. Kaelbling, M. L. Littman, and A. W. Moore, Reinforcement Learning: A Survey, Journal of Artificial Intelligence Research, vol.4, pp.237-285, 1996.

I. Kantzavelou and S. Katsikas, Playing Games with Internal Attackers Repeatedly, 2009 16th International Conference on Systems, Signals and Image Processing, pp.1-6, 2009.
DOI : 10.1109/IWSSIP.2009.5367708

H. Kashima, K. Tsuda, and A. Inokuchi, Marginalized kernels between labeled Graphs, Proceedings of the Twentieth International Conference on Machine Learning, ICML-2003, 2003.

H. Kashima, K. Tsuda, A. Inokuchi, B. By, K. Schoelkopf et al., Kernels for Graphs, pp.155-170, 2004.

D. Kenji, Reinforcement Learning in Continuous Time and Space, Neural Computation, vol.12, issue.1, pp.219-245, 2000.

C. Kenjiro, K. Ryo, and K. Akira, Aguri: An Aggregation-Based Traffic Profiler, COST 263: Proceedings of the Second International Workshop on Quality of Future Internet Services, pp.222-242, 2001.

C. Kreibich and J. Crowcroft, Honeycomb, ACM SIGCOMM Computer Communication Review, vol.34, issue.1, pp.51-56, 2004.
DOI : 10.1145/972374.972384

L. Michael and . Littman, Markov games as a framework for multi-agent reinforcement learning, Proceedings of the eleventh international conference on machine learning, pp.157-163, 1994.

C. Leita, K. Mermoud, and M. Dacier, Automatic Handling of Protocol Dependencies and Reaction to 0-Day Attacks with ScriptGen Based Honeypots, Recent Advances in Intrusion Detection, pp.185-205, 2006.
DOI : 10.1007/11856214_10

C. E. Lemke, Equilibrium Points of Bimatrix Games, Journal of the Society for Industrial and Applied Mathematics, vol.12, issue.2, pp.413-423, 1964.
DOI : 10.1137/0112033

C. Li and T. Parsioan, Profiling Honeynet Attackers, Proceedings of the Class of 2006 Senior Conference on Natural Language Processing, pp.19-26, 2006.

T. Liston, Home page of

L. Michael, C. Littman, and . Szepesvári, A Generalized Reinforcement-Learning Model: Convergence and Applications, Proceedings of the 13th International Conference on Machine Learning, pp.310-318, 1996.

W. Kong, J. M. Lye, and . Wing, Game strategies in network security, International Journal of Information Security, vol.4, issue.1, pp.71-86, 2005.

F. Maggi and S. Zanero, Analysis of the state-of-the-art. http://wombat-project.eu/ workpackages/wp2-analysis-of-state-of-the-a

O. L. Mangasarian, Equilibrium Points of Bimatrix Games, Journal of the Society for Industrial and Applied Mathematics, vol.12, issue.4, pp.778-780, 1964.
DOI : 10.1137/0112064

B. Mccarty, The honeynet arms race, IEEE Security & Privacy Magazine, vol.1, issue.6, pp.79-82, 2003.
DOI : 10.1109/MSECP.2003.1253575

E. H. Mckinney, Generalized Birthday Problem, The American Mathematical Monthly, vol.73, issue.4, pp.385-387, 1966.
DOI : 10.2307/2315408

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

B. Mick, Paranoid penguin: AppArmor in Ubuntu 9, Linux Journal, 2009.

M. Mitchell and A. Samuel, Advanced Linux Programming, 2001.

D. Moore, G. M. Voelker, and S. Savage, Inferring Internet denial-of-service activity, Proceedings of the 10th conference on USENIX Security Symposium, 2001.
DOI : 10.1145/1132026.1132027

A. Moschitti, Efficient Convolution Kernels for Dependency and Constituent Syntactic Trees, Proceedings of the 17th European Conference on Machine Learning, 2006.
DOI : 10.1007/11871842_32

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

A. Moschitti, Making Tree Kernels practical for Natural Language Learning, Proceedings of the 11th International Conference on EACL, 2006.

G. Nandan and G. Daniel, Deception in honeynets: A game-theoretic analysis, Information Assurance and Security Workshop, pp.107-113, 2007.

J. Nash, Non-cooperative games, 1950.
DOI : 10.2307/1969529

N. Nethercote and J. Seward, How to shadow every byte of memory used by a program, Proceedings of the 3rd international conference on Virtual execution environments , VEE '07, pp.65-74, 2007.
DOI : 10.1145/1254810.1254820

C. Newham, J. Vossen, C. Albing, and J. P. Vossen, Bash Cookbook: Solutions and Examples for Bash Users, 2007.

V. Nicomette, M. Kaâniche, E. Alata, and M. Herrb, Set-up and deployment of a high-interaction honeypot: experiment and lessons learned, Journal in Computer Virology, vol.39, issue.5, pp.1-15, 2010.
DOI : 10.1007/s11416-010-0144-2

URL : https://hal.archives-ouvertes.fr/hal-00762596

G. Nirbhay, Improving the effectiveness of deceptive honeynets through an empirical learning approach, Paper presented at the 2002 Australian Information Warfare and Security Conference, 2002.

J. O. Adam and . Donnell, When Malware Attacks (Anything but Windows), IEEE Security and Privacy, vol.6, pp.68-70, 2008.

A. One, Smashing The Stack For Fun And Profit, Phrack, vol.7, issue.49, 1996.

M. Owens, Embedding an SQL database with SQLite, Linux Journal, issue.110, 2003.

J. Peng and R. J. Williams, Incremental multi-step Q-learning, Machine Learning, pp.226-232, 1994.
DOI : 10.1007/bf00114731

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

S. Kalyan, S. Perumalla, and . Sundaragopalan, High-Fidelity Modeling of Computer Network Worms, Computer Security Applications Conference, Annual, pp.126-135, 2004.

S. Piper, M. Davis, and S. Shenoi, Countering Hostile Forensic Techniques, Advances in Digital Forensics II IFIP Advances in Information and Communication Technology, pp.79-90, 2006.
DOI : 10.1007/0-387-36891-4_7

M. Polychronakis, K. G. Anagnostakis, and E. P. Markatos, Network-level polymorphic shellcode detection using emulation, Journal in Computer Virology, vol.16, issue.6, pp.257-274, 2007.
DOI : 10.1007/s11416-006-0031-z

R. Porter, E. Nudelman, and Y. Shoham, Simple search methods for finding a Nash equilibrium, Games and Economic Behavior, pp.664-669, 2004.
DOI : 10.1016/j.geb.2006.03.015

G. Portokalidis and H. Bos, Eudaemon: Involuntary and On-Demand Emulation Against Zero-Day Exploits, Proceedings of ACM SIGOPS EUROSYS'08, pp.287-299, 2008.

G. Portokalidis, A. Slowinska, and H. Bos, Argos, ACM SIGOPS Operating Systems Review, vol.40, issue.4, pp.15-27, 2006.
DOI : 10.1145/1218063.1217938

J. Postel and J. Reynolds, Telnet protocol specification, 1983.
DOI : 10.17487/rfc0764

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

S. Powers, Virtual Interfaces: When One IP Isn't Enough, Linux Journal, 2009.

N. Provos, A virtual honeypot framework, SSYM'04: Proceedings of the 13th conference on USENIX Security Symposium, 2004.

N. Provos, M. Friedl, and P. Honeyman, Preventing privilege escalation, SSYM'03: Proceedings of the 12th conference on USENIX Security Symposium, 2003.

N. Provos and T. Holz, Virtual honeypots: from botnet tracking to intrusion detection, 2007.

N. Provos, P. Mavrommatis, M. Abu-rajab, and F. Monrose, All your iFRAMEs point to Us, Proceedings of the 17th conference on Security symposium, 2008.

N. Provos and D. Mcnamee, Panayiotis Mavrommatis Ke Wang, Nagendra Modadugu, and Google Inc . The ghost in the browser: Analysis of web-based malware, Usenix Hotbots, 2007.

H. Thomas, T. N. Ptacek, and . Newsham, Insertion, evasion, and denial of service: Eluding network intrusion detection, pp.2-2, 1998.

M. T. Qassrawi and H. Zhang, Client honeypots: Approaches and challenges, 4th International Conference on New Trends in Information Science and Service Science (NISS), pp.19-25, 2010.

D. Ramsbrock, R. Berthier, and M. Cukier, Profiling Attacker Behavior Following SSH Compromises, 37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN'07), pp.119-124, 2007.
DOI : 10.1109/DSN.2007.76

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

M. Rash, Linux firewalls, 2007.

F. Raynal, Y. Berthier, P. Biondi, and D. Kaminsky, Honeypot forensics part 1: analyzing the network, IEEE Security and Privacy Magazine, vol.2, issue.4, 2004.
DOI : 10.1109/MSP.2004.47

F. Raynal, Y. Berthier, P. Biondi, and D. Kaminsky, Honeypot forensics, part II: analyzing the compromised host, IEEE Security & Privacy Magazine, vol.2, issue.5, 2004.
DOI : 10.1109/MSP.2004.70

J. Rech, Discovering trends in software engineering with google trend, ACM SIGSOFT Software Engineering Notes, vol.32, issue.2, 2007.
DOI : 10.1145/1234741.1234765

S. Smalley, C. Vance, and W. Salamon, Implementing SELinux as a Linux security module, 2001.

S. Schmidt, T. Alpcan, S. Albayrak, T. Basar, and A. Müller, A Malware Detector Placement Game for Intrusion Detection, Critical Information Infrastructures Security (CSITIS), Second International Workshop, pp.311-326, 2008.
DOI : 10.1007/978-3-540-89173-4_26

B. Schneier, Attack Trees, Dr. Dobbs Journal, vol.24, issue.12, 1999.
DOI : 10.1002/9781119183631.ch21

B. Schoelkopf and J. Smola, Learning with Kernels, pp.1-78, 2002.

C. Seifert, I. Welch, and P. Komisarczuk, Taxonomy of Honeypots, School of Mathematical and Computing Sciences, 2006.

I. Linn and . Sennott, Average Cost Optimal Stationary Policies in Infinite State Markov Decision Processes with Unbounded Costs, Operations Research, vol.37, issue.4, pp.626-633, 1989.

L. Shapley, A note on the Lemke-Howson algorithm, Mathematical Programming Study, vol.1, pp.175-189, 1974.
DOI : 10.1007/BFb0121248

L. S. Shapley, Stochastic games, Proceedings of the National Academy if Sciences of the United States of America, pp.1095-1100, 1953.

M. Simaan and J. B. Cruz-jr, On the Stackelberg strategy in nonzero-sum games, Journal of Optimization Theory and Applications, vol.11, issue.5, pp.533-555, 1973.
DOI : 10.1007/BF00935665

P. Satinder, T. Singh, M. L. Jaakkola, C. Littman, and . Szepesvári, Convergence results for single-step on-policy reinforcement-learning algorithms, Machine Learning, pp.287-308, 2000.

A. Slowinska and H. Bos, Prospector: accurate analysis of heap and stack overflow by means of age stamps, 2007.

L. Spitzner, Honeypots: Tracking Hackers, 2002.

A. Srivastava and J. Giffin, Tamper-Resistant, Application-Aware Blocking of Malicious Network Connections, Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection, pp.39-58, 2008.
DOI : 10.1007/978-3-540-87403-4_3

W. , R. Stevens, . Tcp, and . Ip, ): the protocols, 1993.

W. , R. Stevens, . Tcp, and . Ip, ): the protocols, 1993.

C. Stoll, Stalking the wily hacker, Communications of the ACM, vol.31, issue.5, pp.31484-497, 1988.
DOI : 10.1145/42411.42412

J. Stone and C. Partridge, When the CRC and TCP checksum disagree, ACM SIGCOMM Computer Communication Review, vol.30, issue.4, pp.309-319, 2000.
DOI : 10.1145/347057.347561

S. Richard, A. G. Sutton, and . Barto, Reinforcement Learning: An Introduction (Adaptive Computation and Machine Learning), 1998.

M. Tan, Multi-Agent Reinforcement Learning: Independent vs. Cooperative Agents, Proceedings of the Tenth International Conference on Machine Learning, pp.330-337, 1993.
DOI : 10.1016/B978-1-55860-307-3.50049-6

P. Van-hau and M. Dacier, Honeypot trace forensics: The observation viewpoint matters, Future Generation Computer Systems, 2010.

V. Vapnik, Statistical Learning Theory, 1998.

F. Vega-redondo, Economics and the Theory of Games, 2003.
DOI : 10.1017/CBO9780511753954

E. Vidal, F. Thollard, C. De-la-higuera, F. Casacuberta, and R. Carrasco, Probabilistic finite-state machines - part I, IEEE Transactions on Pattern Analysis and Machine Intelligence, vol.27, issue.7, pp.1013-1025, 2005.
DOI : 10.1109/TPAMI.2005.147

URL : https://hal.archives-ouvertes.fr/ujm-00326243

. John-von-neumann, Zur Theorie der Gesellschaftsspiele, Mathematische Annalen, vol.100, issue.1, pp.295-320, 1928.
DOI : 10.1007/BF01448847

J. Von, N. , and O. Morgenstern, Theory of Games and Economic Behavior, 1944.

M. Vrable, J. Ma, J. Chen, D. Moore, E. Vandekieft et al., Scalability, fidelity, and containment in the potemkin virtual honeyfarm, ACM SIGOPS Operating Systems Review, vol.39, issue.5, pp.148-162, 2005.
DOI : 10.1145/1095809.1095825

G. Wagener, AHA -Adaptive Honeypot Alternative Wagener-AHA-Adaptive-Honeypot-Alternative-slides.pdf, 2010.

G. Wagener, A. Dulaunoy, and T. Engel, Adaptive and self-configurable honeypots. to appear in the 12th IFIP, IEEE International Symposium on Integrated Network Management

G. Wagener, A. Dulaunoy, and T. Engel, Towards an Estimation of the Accuracy of TCP Reassembly in Network Forensics, 2008 Second International Conference on Future Generation Communication and Networking, pp.273-278, 2008.
DOI : 10.1109/FGCN.2008.118

G. Wagener and T. Engel, Attacking the TCP Reassembly Plane of Network Forensics Tools, IT Underground XI. Software-Konferencje, 2008.

G. Wagener, R. State, A. Dulaunoy, and T. Engel, Self Adaptive High Interaction Honeypots Driven by Game Theory, SSS, pp.741-755, 2009.
DOI : 10.1007/978-3-642-05118-0_51

G. Wagener, R. State, A. Dulaunoy, and T. Engel, Heliza: talking dirty to the attackers Online first: doi 10, Journal in Computer Virology, pp.11416-11426, 1007.

G. Wagener, R. State, and A. Dulaunoy, Malware behaviour analysis, Journal in Computer Virology, vol.5, issue.2, pp.279-287, 2008.
DOI : 10.1007/s11416-007-0074-9

C. Wagner, G. Wagener, R. State, A. Dulaunoy, and T. Engel, PeekKernelFlows, Proceedings of the Seventh International Symposium on Visualization for Cyber Security, VizSec '10, pp.52-57, 2010.
DOI : 10.1145/1850795.1850801

C. Wagner, G. Wagener, R. State, and T. Engel, Malware analysis with graph kernels and support vector machines, 2009 4th International Conference on Malicious and Unwanted Software (MALWARE), pp.63-68, 2009.
DOI : 10.1109/MALWARE.2009.5403018

C. Warrender, S. Forrest, and B. Pearlmutter, Detecting intrusions using system calls: alternative data models, Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344), pp.133-145, 1999.
DOI : 10.1109/SECPRI.1999.766910

W. Wei, H. X. Guan, L. Zhang, and . Xiang, Modeling program behaviors by hidden Markov models for intrusion detection, Proceedings of 2004 International Conference on, pp.2830-2835, 2004.

C. Willems, T. Holz, and F. Freiling, Toward Automated Dynamic Malware Analysis Using CWSandbox, IEEE Security and Privacy Magazine, vol.5, issue.2, pp.32-39, 2007.
DOI : 10.1109/MSP.2007.45

C. Wright, C. Cowan, and J. Morris, Linux security modules: general security support for the linux kernel, Foundations of Intrusion Tolerant Systems, 2003 [Organically Assured and Survivable Information Systems], pp.17-31, 2002.
DOI : 10.1109/FITS.2003.1264934

J. Xuxian and X. Dongyan, Collapsar: A VM-Based Architecture for Network Attack Detention Center, Proceedings of the 13th USENIX Security Symposium, pp.15-28, 2004.

J. Xuxian, X. Dongyan, and W. Yi-min, Collapsar: a VM-based honeyfarm and reverse honeyfarm architecture for network attack capture and detention, J. Parallel Distrib. Comput, vol.66, issue.9, pp.1165-1180, 2006.

J. Xuxian and W. Xinyuan, Out-the-Box " monitoring of VM-Based High-Interaction Honeypots, Recent Advances in Intrusion Detection, pp.198-218, 2007.

J. Xuxian and W. Xinyuan, out-of-the-box " monitoring of vm-based high-interaction honeypots, RAID, pp.198-218, 2007.

T. Ylönen, SSH -Secure Login Connections over the Internet, Proceedings of the 6th USENIX Security Symposium, pp.37-42, 1996.

J. Yuill, F. Wu-shyhtsun, G. Fengmin, and H. Ming-yuh, Intrusion Detection for an On- Going Attack, Recent Advances in Intrusion Detection, 1999.

L. E. Zachrisson, Markov Games, Advances in game theory, pp.211-253, 1964.

J. Zhuge, T. Holz, X. Han, C. Song, and W. Zou, Collecting Autonomous Spreading Malware Using High-Interaction Honeypots, ICICS'07: Proceedings of the 9th international conference on Information and communications security, pp.438-451, 2007.
DOI : 10.1007/978-3-540-77048-0_34

J. Zhuge, T. Holz, C. Song, J. Guo, X. Han et al., Studying Malicious Websites and the Underground Economy on the Chinese Web, Managing Information Risk and the Economics of Security, pp.225-244, 2009.
DOI : 10.1007/978-0-387-09762-6_11

C. Cliff, R. Zou, and . Cunningham, Honeypot-aware advanced botnet construction and maintenance, International Conference on Dependable Systems and Networks, pp.199-208, 2006.