Title :
Analyzing the process of installing rogue software
Author :
Berthier, Robin ; Arjona, Jorge ; Cukier, Michel
Author_Institution :
Dept. of Mech. Eng., Univ. of Maryland, College Park, MD, USA
fDate :
June 29 2009-July 2 2009
Abstract :
This practical experience report presents the results of an experiment aimed at understanding the sequence of malicious actions following a remote compromise. The type of rogue software installed during attacks was used to classify and understand sequences of malicious actions. For this experiment, we used four Linux target computers running SSH with simple passwords. During the eight-month data collection period, we recorded a total of 1,171 attack sessions. In these sessions, attackers typed a total of 20,335 commands that we categorized into 24 specific actions. These actions were analyzed based on the type of rogue software installed by attackers.
Keywords :
Linux; security of data; Linux target computers; malicious actions; rogue software installation; Computer networks; Computerized monitoring; Educational institutions; Information analysis; Linux; Mechanical engineering; Military computing; Radio access networks; Risk analysis; Telecommunications;
Conference_Titel :
Dependable Systems & Networks, 2009. DSN '09. IEEE/IFIP International Conference on
Conference_Location :
Lisbon
Print_ISBN :
978-1-4244-4422-9
Electronic_ISBN :
978-1-4244-4421-2
DOI :
10.1109/DSN.2009.5270293
