Title :
Profiling Attacker Behavior Following SSH Compromises
Author :
Ramsbrock, Daniel ; Berthier, Robin ; Cukier, Michel
Author_Institution :
Univ. of Maryland, College Park
Abstract :
This practical experience report presents the results of an experiment aimed at building a profile of attacker behavior following a remote compromise. For this experiment, we utilized four Linux honeypot computers running SSH with easily guessable passwords. During the course of our research, we also determined the most commonly attempted usernames and passwords, the average number of attempted logins per day, and the ratio of failed to successful attempts. To build a profile of attacker behavior, we looked for specific actions taken by the attacker and the order in which they occurred. These actions were: checking the configuration, changing the password, downloading a file, installing/running rogue code, and changing the system configuration.
Keywords :
Linux; security of data; Linux honeypot computers; SSH compromises; profiling attacker behavior; remote compromise; rogue code; system configuration; Computer architecture; Computer crime; Computer science; Dictionaries; Educational institutions; Linux; Mechanical engineering; Radio access networks; Statistics; Testing;
Conference_Titel :
Dependable Systems and Networks, 2007. DSN '07. 37th Annual IEEE/IFIP International Conference on
Conference_Location :
Edinburgh
Print_ISBN :
0-7695-2855-4
DOI :
10.1109/DSN.2007.76
